Security audit

Security Auditor

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only security review skill with educational vulnerable-code examples, not a tool that installs code or accesses data on its own.

Install this if you want an agent to help with security reviews. Treat its command suggestions, such as dependency audits, as actions to approve deliberately, especially when reviewing sensitive auth or environment-related files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical

Code: suspicious.exposed_secret_literal
Location: SKILL.md:91