Security code review

Security checks across malware telemetry and agentic risk

Overview

This skill is a security-review instruction set that reads code for vulnerabilities and only describes scoped local report files when explicitly requested.

Install this only for repositories you want an agent to inspect for security issues. Treat generated chat reports or `.shield_security/` artifacts as sensitive because they may describe real vulnerabilities, file paths, or secrets found during review.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The skill first says analysis MUST only use read-only tools, but immediately adds an exception allowing file creation in `.shield_security/` during security analysis. This inconsistency can mislead an agent into performing workspace writes when the user did not clearly authorize modification, violating least-privilege expectations and increasing the chance of unintended persistence or tampering.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill permits creating artifacts in the user's workspace without a clear, prominent warning that this analysis may write files. In an agent setting, silent workspace writes can be abused for persistence, data staging, or leaving behind sensitive analysis output that the user did not expect.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal