Security audit
Comanda
Security checks across malware telemetry and agentic risk
Overview
Comanda is an instruction-only workflow skill whose powerful local automation features are disclosed and aligned with its purpose.
Install only if you trust the separate comanda CLI and the workflows you run. Review generated YAML before using comanda process, keep tool allowlists narrow, prefer read-only commands, avoid untrusted shell-enabled workflows, scope API keys where possible, and be careful when indexing private repositories or running long agentic loops.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
