Factory AI Droid

Security checks across malware telemetry and agentic risk

Overview

This skill is a thin wrapper for a powerful third-party coding agent CLI that can modify code, deploy, add extensions, and use persistent org-wide context without enough scoping or safety guidance.

Install only if you trust the Factory `droid` binary and account connection. Before use, verify the binary source/version, avoid `--force` unless explicitly intended, require review before commits, PRs, deployments, plugin installs, or MCP server changes, and confirm how Factory scopes and clears org-wide code context and session memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The skill explicitly promotes high-risk operations such as `droid exec --force` and deployment actions, but provides no guardrails, warnings, or approval guidance about automatic code changes or production-impacting commands. In an agent skill context, this can normalize unsafe use of autonomous actions and increase the chance that users invoke destructive, irreversible, or externally affecting operations without understanding the consequences.

VirusTotal

64/64 vendors flagged this skill as clean.
