Security audit
Skill Forge
Security checks across malware telemetry and agentic risk
Overview
This is a local skill and test-suite generator with disclosed file writes and optional local-tool execution, and I found no hidden data access, persistence, or malicious behavior.
Install this only if you want a local tool that generates SKILL.md and task_suite.yaml files. Review generated outputs before relying on them, because the docs claim some calibration and judge-selection safeguards that the code does not fully implement. Use --evaluate or --auto-improve only if you trust the local improvement-evaluator and improvement-orchestrator installations they call.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
67/67 vendors flagged this skill as clean.