Back to skill

Security audit

Comanda

Security checks across malware telemetry and agentic risk

Overview

Comanda is an instruction-only workflow skill whose powerful local automation features are disclosed and aligned with its purpose.

Install only if you trust the separate comanda CLI and the workflows you run. Review generated YAML before using comanda process, keep tool allowlists narrow, prefer read-only commands, avoid untrusted shell-enabled workflows, scope API keys where possible, and be careful when indexing private repositories or running long agentic loops.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.