Back to skill

Security audit

ai-code-scanner

Security checks across malware telemetry and agentic risk

Overview

This code-review skill does what it says, but it can upload source code and filenames to an external API without a clear consent step.

Install only if you are comfortable sending reviewed code and filenames to the listed external service. Avoid using it on private repositories, customer data, regulated code, or files that may contain secrets unless the service operator, retention policy, and consent controls are acceptable to you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The manifest uses very broad trigger phrases such as code review, security audit, static analysis, and generic multilingual terms, making the skill likely to activate for a wide range of common requests. Overbroad routing can cause unintended invocation of an external-scanning skill, exposing sensitive source code or creating confusing tool selection behavior.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill strongly encourages users to 'always run the API scan first' and provides a remote API base URL, but it does not clearly warn that submitted code will be transmitted to an external third-party service. Because code under review often contains proprietary logic, secrets, or customer data, silent exfiltration to an external endpoint is a significant confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends the full code content, language, and filename to a third-party remote API without any explicit user warning, consent prompt, or redaction step. In a code-review tool, this creates a real confidentiality risk because users may unknowingly upload proprietary source, secrets, internal paths, or regulated data to an external service.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.dynamic_code_execution

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
scripts/review.sh:4