Amp Code

Security checks across malware telemetry and agentic risk

Overview

This skill transparently delegates coding work to Amp, but it defaults to letting Amp edit and run actions without confirmation in the chosen project.

Install only if you are comfortable giving Amp unsupervised authority over the selected repository. Use it on trusted projects, preferably on a clean branch or disposable checkout, avoid repositories containing secrets, verify which `amp` binary will run, and review diffs and test results before merging or deploying.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 96%
Finding
The script invokes Amp with `--dangerously-allow-all`, explicitly disabling tool confirmation prompts while feeding it arbitrary task text and giving it autonomous access to the target repository. In the context of a coding-agent wrapper, this materially increases the risk of destructive file changes, unsafe command execution, secret exposure, or supply-chain-impacting modifications without any human checkpoint.

VirusTotal

64/64 vendors flagged this skill as clean.
