Token Audit
Security checks across malware telemetry and agentic risk
Overview
Token Audit appears to be a local workspace cost analyzer whose file-reading behavior matches its stated purpose.
This appears safe to install for local workspace cost analysis. Running it will read workspace, memory, and installed skill files and may display file paths and token counts, so use the --workspace option when you want to limit what it scans.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
No VirusTotal findings