Security audit

OpenSpec

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent OpenSpec workflow helper, but users should review its global npm install and repository-changing commands before use.

Install this only if you trust the OpenSpec npm package, and consider pinning a version instead of using `@latest` for reproducible or sensitive projects. Use version control, inspect generated `openspec/` and `.claude/skills/` files, and review changes before running archive or accepting implementation edits.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger description is very broad and can cause the skill to activate on routine development prompts such as feature work, refactors, planning, or any mention of /opsx commands. In an agent setting, overbroad auto-invocation increases the chance the agent follows this workflow unnecessarily and begins making structured repository changes or running CLI commands without the user clearly requesting OpenSpec-specific behavior.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The documented `openspec archive <name> --yes` command suppresses confirmation for an operation that merges specs and moves change artifacts, which can alter repository state in a non-trivial way. Presenting this as a standard step without warning makes it more likely an agent will execute a destructive or irreversible action automatically, especially in unattended or tool-enabled environments.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The agent workflow instructs the agent to create files under `openspec/changes/<name>/`, implement tasks, validate, and archive, but it does not require explicit user consent before modifying the repository. In a tool-using agent, these instructions can translate directly into file writes and broader code changes, creating a risk of unintended modification beyond what the user expected.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal