Back to skill

Security audit

Agentic Framework Auditor

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be an audit-oriented tool with no malware telemetry and no artifact-backed evidence of hidden, destructive, or unrelated behavior.

Install only if you are comfortable with the skill inspecting audit targets and producing reports that may include prompt or instruction text. Avoid running it on confidential repositories or private agent configuration unless you intend that material to appear in the audit output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The function returns raw `instructions` and `prompt_events` as part of the audit payload, and those structures can contain agent-facing prompt text, local instructions, and potentially sensitive embedded data. In this skill's context, the auditor is explicitly designed to ingest prompt/config/memory-like files, so aggregating and re-emitting that content increases the chance of exposing secrets, proprietary prompts, or malicious injected text to downstream consumers, logs, or UIs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.