Back to skill

Security audit

Taku Think

Security checks across malware telemetry and agentic risk

Overview

This is a planning and design helper that may read project context and write local design notes, with no evidence of hidden or harmful behavior.

Install this if you want a structured design-planning workflow. Expect it to read relevant project files and create or update local planning documents such as DESIGN.md or .taku notes; review those files before approving any build handoff and avoid putting secrets in planning notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
94% confidence
Finding
The skill instructs the agent to append a `## Design System` section to `DESIGN.md` without requiring any user-facing confirmation or disclosure before modifying files. In an agent workflow, silent file writes can surprise users, create unintended repository changes, and normalize state-changing behavior when the user may have only asked for analysis or discussion.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.