Code Snippet Manager (代码片段管理器)

Security checks across malware telemetry and agentic risk

Overview

This is a simple code-snippet manager that stores snippets locally, with no executable code or hidden behavior found.

Install only if you are comfortable with snippets being saved locally. Avoid storing API keys, passwords, private keys, proprietary code, or other sensitive material unless you intentionally want it retained and know where to delete it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger phrases are broad and overlap with ordinary developer conversation, which can cause the skill to activate unintentionally. In a skill that can save or search code snippets, accidental activation may lead to unintended data handling or unexpected writes/searches without clear user intent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill states that code snippets are stored in local files, but it does not clearly warn users before data is written. This creates a transparency and consent problem: users may provide proprietary code, secrets, or sensitive snippets without realizing they will persist on disk.

VirusTotal

64/64 vendors flagged this skill as clean.
