Back to skill

Security audit

Security Audit

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local security-audit helper that scans chosen folders and does not show hidden network, credential, persistence, or destructive behavior.

Use it on the specific repo or folder you want to inspect, not broad private directories like your home folder, because it recursively reads files and reports paths. Treat results as a basic heuristic scan, not a full antivirus guarantee.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill describes automatic invocation after git clone, skill installation, and before running external scripts, which are very broad triggers in common workflows. Without clear path, trust-boundary, or user-confirmation limits, this can cause over-collection of local files, unexpected execution of auditing logic, or denial-of-service/friction across normal development activity.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dynamic_code_execution

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
audit.py:41