Back to skill

Security audit

Agent Code Debugger

Security checks across malware telemetry and agentic risk

Overview

This skill is a local code-debugging helper, and the only scanner concern appears to be a false positive from text that detects dangerous code patterns rather than running them.

Reasonable to install for local code debugging and pattern checks. Review the source before using it with highly sensitive code, mainly because publisher provenance is limited, not because the artifacts show hidden or unsafe behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dynamic_code_execution

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
index.js:222