LoRA Toolkit

Security checks across malware telemetry and agentic risk

Overview

This LoRA helper appears purpose-built, but its generated training script can run code from remote model repositories without clearly warning the user.

Review any generated train.py before running it. Use only trusted model repositories, remove trust_remote_code=True unless a model truly requires it, pin model revisions where practical, and run training inside a virtual environment or container.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The generated Python script loads models and tokenizers with trust_remote_code=True, which allows arbitrary Python code from a model repository to execute locally during training setup. In a script-generation tool, this expands behavior from configuration into code execution of untrusted third-party content, creating a meaningful supply-chain and arbitrary code execution risk.

VirusTotal

64/64 vendors flagged this skill as clean.