Known Vulnerable Dependency: vitest==1.2.0 — 1 advisory(ies): CVE-2025-24964 (Vitest allows Remote Code Execution when accessing a malicious website while Vit)
Critical
- Category: Supply Chain
- Confidence: 94%
- Finding: vitest==1.2.0
Security checks across malware telemetry and agentic risk
This is a coherent Discord message-filtering middleware with dependency hygiene to review, not evidence of malicious behavior.
Before installing, review and update npm dependencies, keep or regenerate the lockfile, and consider pinning dev tooling versions. Use only the Discord permissions and message-content access your bot needs, avoid production logging of sensitive channel content, and call the guard's destroy method during shutdown.
67/67 vendors flagged this skill as clean.