Code Executor

Security checks across malware telemetry and agentic risk

Overview

This skill openly gives an agent broad code and shell execution powers, but its safety limits and activation scope are not clear enough for automatic trust.

Install only if you deliberately want an agent-accessible code runner. Use it in a disposable or well-enforced sandbox, review every generated script and shell command before execution, avoid sensitive folders and production systems, and independently verify that filesystem, network, timeout, dependency-install, and confirmation controls are actually enforced.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The skill documents a default read-only filesystem policy, but elsewhere provides a concrete file-renaming workflow that performs write operations. This mismatch can cause operators or downstream agents to overtrust the documented safeguards and approve execution under false assumptions, increasing the chance of unintended file modification or data loss.

Vague Triggers

Medium
Confidence: 84%
Finding
Generic triggers like "solve" and "compute" are overly broad and can match normal conversational requests, causing accidental invocation of a powerful code-execution skill. In this skill's context, unintended activation is especially risky because it may lead to dynamic code generation and execution for tasks that did not require such privileges.

VirusTotal

66/66 vendors flagged this skill as clean.
