Scope Sentinel

Security checks across malware telemetry and agentic risk

Overview

This is a single-file productivity skill that openly monitors coding-session scope drift and does not include executable code, network access, or hidden install behavior.

Install only if you want the agent to watch your task scope during coding. Set a clear task anchor, use Off or Exploratory mode for open-ended work, avoid saving session summaries that include sensitive project details, and require confirmation before any stash, commit, or scope expansion action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 83%
Finding
This section describes continuous monitoring of file modifications, time spent outside scope, and logging of user decisions, but does not prominently warn the user that development activity may be observed and recorded. In a coding assistant context, silent monitoring and session logging can expose sensitive project structure, filenames, task intent, and workflow metadata, creating a privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.
