Back to skill

Security audit

NeuriCo

Security checks across malware telemetry and agentic risk

Overview

This skill is openly an autonomous research runner, but it can run generated code and publish results to GitHub with broad account permissions before a user review step is clearly required.

Install only if you are comfortable with an external autonomous research framework running generated code and interacting with GitHub. Prefer Docker, inspect or pin the external repo and container image, start with --no-github or --private, use a temporary least-privilege GitHub token where possible, and avoid confidential ideas, datasets, or credentials unless the provider and repository settings are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly states that it will create GitHub repositories, run experiments, and push results automatically, but it does not provide a prominent warning about the operational and data-safety consequences of those actions. In a skill that executes generated code and publishes outputs, users may unknowingly authorize external side effects such as public repo creation, data leakage, or unwanted publication of generated artifacts.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The manifest explicitly advertises autonomous experiment execution, code generation, LaTeX/PDF production, and GitHub repository creation, but it does not warn users that the skill may perform impactful local and remote actions such as running generated code, consuming compute resources, accessing datasets, or publishing artifacts externally. In a multi-agent research automation context, this omission increases the risk that users invoke the skill without understanding the operational and data-safety consequences, which can lead to unintended execution, data exposure, or repository publication.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
| | |
|---|---|
| **What it does** | Takes a research idea (YAML) and autonomously runs the full research lifecycle: literature review, experiment design, code execution, analysis, paper writing, GitHub push |
| **Input** | YAML file with 3 required fields: `title`, `domain`, `hypothesis` |
| **Output** | Code (`src/`), results & plots (`results/`), LaTeX paper (`paper_draft/`), GitHub repo |
| **Providers** | Claude Code, Codex, Gemini (OAuth login, not API keys) |
Confidence
82% confidence
Finding
autonomously run

External Script Fetching

Low
Category
Supply Chain
Content
```bash
git clone https://github.com/ChicagoHAI/neurico && cd neurico
curl -LsSf https://astral.sh/uv/install.sh | sh
uv sync
cp .env.example .env   # edit: add your API keys
claude                  # login to AI CLI
Confidence
95% confidence
Finding
curl -LsSf https://astral.sh/uv/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
git clone https://github.com/ChicagoHAI/neurico && cd neurico
curl -LsSf https://astral.sh/uv/install.sh | sh
uv sync
cp .env.example .env   # edit: add your API keys
claude                  # login to AI CLI
Confidence
97% confidence
Finding
| sh

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.