Back to skill

Security audit

Analyzes code for improvements including code smells, design patterns, and best practices. Invoke when user asks for code analysis, code review, or suggestions to improve code quality.

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only code review helper that gives maintainability advice and does not install code, run commands, or request sensitive access.

Install this if you want general code-quality and refactoring suggestions. Treat it as maintainability guidance rather than a security audit, and review any suggested code changes before applying them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description uses very broad invocation language such as "code analysis," "code review," and "suggestions to improve code quality," which can match a wide range of ordinary developer requests. In an agent system, overly broad routing can cause this skill to activate in contexts it was not specifically intended for, increasing the chance of misrouting, inappropriate handling, or overshadowing more specialized skills.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The "When to Use" section contains ambiguous triggers like "user asks for code analysis or code review" and references to general best-practice improvement requests without boundary conditions. Because there are no negative examples or disambiguation rules, the skill could be invoked for broad review tasks that may include security-sensitive, compliance, or specialized analysis outside its intended scope.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.