Back to skill

Security audit

AI 网站上线助手

Security checks across malware telemetry and agentic risk

Overview

This skill is a deployment-audit helper that is clear about inspecting a local project, avoiding secrets, and only uploading static publishable files under scoped conditions.

Before installing, understand that this skill is meant to read your local project structure and source evidence for deployment analysis. Only use the static upload path when you are comfortable sending the selected publishable site files to the configured Coze transfer endpoint, and review the generated dossier and manifest to confirm no secrets or unintended files are included.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.