Security audit

Meta Debugger

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review because it advertises autonomous code/configuration fixes and broad logging without enough scope, approval, or privacy controls.

Install only after reviewing the code and usage. Keep safe_mode enabled and auto_fix disabled unless every proposed fix is shown for human approval with clear target paths, diffs, tests, and rollback. Do not run the documented `pip install json traceback ast` command as written, and avoid sending secrets or personal data in error context unless you add redaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill description promises broad, always-on capabilities like automatically identifying, analyzing, fixing, and learning from errors without defining narrow activation triggers or scope boundaries. In an agent setting, this can cause the skill to engage on arbitrary failures and expand into unreviewed actions, increasing the chance of unsafe behavior and unintended modification of code, configuration, or runtime state.

Missing User Warnings

High
Confidence
97% confidence
Finding
The documentation repeatedly describes generating patches, fixing configuration issues, and applying fixes autonomously, but it does not prominently warn that these actions can alter systems, corrupt state, break services, or expose data if the diagnosis is wrong. Because the skill is explicitly framed as self-healing and automatic, operators may enable it in sensitive environments without understanding the risk of autonomous write actions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The debugger records stack traces, error messages, and later captures stringified args/kwargs in wrapped calls, which can include secrets, tokens, personal data, file paths, or internal system details. In a debugging skill that centralizes error history, this materially increases the chance of sensitive-data exposure through logs, telemetry, persistence, or later inspection.

Ssd 3

Medium
Confidence
92% confidence
Finding
The best-practice instruction to 'Log Everything' encourages indiscriminate retention of errors, inputs, stack traces, and context objects, which commonly contain secrets, personal data, tokens, prompts, and proprietary information. In a debugging skill that records errors and learning history, this guidance materially increases the likelihood of sensitive data collection and long-term exposure through logs, pattern stores, or analytics.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.