Back to skill

Security audit

Code Patent Scanner

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only local code analysis helper, with the main caution that it may summarize sensitive repository details in chat output.

Install this only if you are comfortable letting the agent read and summarize the selected repository. Avoid using it on code that contains secrets, unreleased proprietary ideas, or confidential client material unless your chat environment and logs are acceptable places for that information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The activation phrases are broad and include requests like analyzing a repo for 'unique implementations' or 'technically interesting' code, which can overlap with ordinary code review, architecture exploration, or security analysis requests. This can cause the skill to trigger in contexts where users did not intend patent-oriented processing, increasing the chance of unnecessary code exposure in outputs and steering the interaction away from the user's actual goal.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.