Kinema's TDD Injector (CLAUDE.md generator)

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent CLAUDE.md generator for TDD rules, with expected repository writes and an optional user-selected test-directory rename.

Install only if you want this skill to create or update a persistent CLAUDE.md in a repository. Review the diff before accepting the final write, and choose the git mv option only if you are comfortable renaming an existing test directory to tests/ and updating any paths or tooling that depend on the old name.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Context-Inappropriate Capability

Medium (95% confidence)
Finding
The skill is presented as a one-time `CLAUDE.md` generator, but this step instructs it to rename repository test directories with `git mv`. That expands scope from documentation generation to modifying project source layout, which can disrupt builds, tooling, and developer workflows if invoked unexpectedly or without strong safeguards.

Intent-Code Divergence

High (96% confidence)
Finding
The document contains conflicting instructions: it says the skill does not automatically migrate tests, yet earlier it tells the agent to rename the test directory immediately. This inconsistency is dangerous because users may consent to a documentation-only change while the agent performs filesystem modifications, increasing the risk of unauthorized or surprising repository changes.

Vague Triggers

Medium (91% confidence)
Finding
The README advertises very generic trigger phrases such as 'set up testing methodology' and 'import kinema's test rules', which can plausibly occur in ordinary repository discussion. In a skill system that auto-suggests or auto-invokes capabilities based on conversational matches, this increases the chance of unintended activation of a repository-modifying injector.

Missing User Warnings

Medium (89% confidence)
Finding
The README describes the skill as a 'one-time injector' that generates a customized CLAUDE.md file in the target repository, but it does not prominently warn users that repository files will be created or modified. For a tool designed to write persistent project instructions, lack of explicit modification disclosure can lead to surprising, potentially unsafe changes being applied under ambiguous user intent.

Vague Triggers

Medium (84% confidence)
Finding
The trigger phrases are broad natural-language requests such as setting up testing methodology, which could match ordinary conversation and cause the skill to be suggested or invoked unintentionally. In this skill's context, unintended invocation matters because the workflow performs repository scanning, file writes, and potentially renames directories.

Missing User Warnings

Medium (93% confidence)
Finding
The instructions authorize `git mv` on user files without a prominent safety warning at the point of action. Because directory renames are state-changing and may affect imports, CI, and tooling, lacking a strong modification warning increases the chance of the user agreeing without understanding the operational impact.

VirusTotal

65/65 vendors flagged this skill as clean.
