Agentic Security Audit

Security checks across malware telemetry and agentic risk

Overview

This is a visible security-audit skill with purpose-aligned commands, but users should review commands before running them and avoid bypassing its secret-check hook.

Install this only if you want an audit checklist and command snippets for security review. Run commands in a trusted workspace, avoid sharing raw scan output because it may contain secrets, use dependency-fix commands on a branch, and do not use the hook bypass except through a deliberate exception process.

SkillSpector

By NVIDIA

Vulnerability Patterns

Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tool Parameter Abuse

High

Category: Tool Misuse
Content: if [ $EXIT_CODE -ne 0 ]; then echo "" echo "To proceed anyway: git commit --no-verify" echo "To remove secrets: replace with environment variables" fi exit $EXIT_CODE
Confidence: 91% confidence
Finding: --no-verify

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal