consensus-engineer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, interactive setup assistant for consensus-tools that may modify a project, but its requested access fits its stated purpose.

Install this in a version-controlled project, review generated diffs and package-manager commands before allowing setup, and do not let it read .env or key files. Enable MCP, tracing, provider API keys, workflow automation, or cron only when you understand the resulting tool access and local state changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium (94% confidence)

Finding: The skill explicitly instructs the agent to create configuration files and scaffold source code inside the user's project, but it does not require an explicit confirmation immediately before making those modifications. In an agentic environment with Write/Edit privileges, this can lead to unintended local file changes, overwriting existing work, or introducing unreviewed code into a repository.

Missing User Warnings

Medium (96% confidence)

Finding: The skill includes package installation, build verification, and runtime execution steps that may run shell commands affecting the user's system and project state, yet it does not mandate an explicit warning and confirmation right before executing them. This creates a risk of unanticipated dependency changes, lockfile updates, network access, or execution of project scripts in a sensitive environment.

VirusTotal

66/66 vendors flagged this skill as clean.