Security audit
coder
Security checks across malware telemetry and agentic risk
Overview
This is a simple informational skill that requests execution permission only to run a bundled script that prints fixed brand and feature text.
This appears safe to install if you only expect an informational coder namespace skill. Be aware that it requests exec permission and the bundled script currently appears to have Windows-style/BOM encoding artifacts that may prevent it from running correctly on Linux until repackaged.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
