Back to skill

Security audit

CI/CD Pipeline Debugger / CI/CD流水线调试器

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only CI/CD log debugging skill with no hidden install steps or code, though users should redact sensitive pipeline logs before sharing them.

Install only if you are comfortable giving the agent CI/CD logs to analyze. Before sharing logs or generated diagnostic reports, redact tokens, credentials, environment variables, internal URLs, and proprietary paths, especially from production pipelines.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly encourages generating diagnostic reports that include logs and stack traces, but it provides no warning that CI/CD logs commonly contain secrets, access tokens, internal URLs, environment variables, or proprietary code paths. In the context of pipeline debugging, this omission is risky because users may upload or share raw logs and generated reports without redaction, leading to inadvertent data exposure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.