refactoring-specialist

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable refactoring guidance skill, and its code-changing advice is disclosed and aligned with its purpose.

Reasonable to install. Use it on a branch, give it a specific refactoring target, review diffs before accepting changes, and require tests or CI before merging. Be more cautious for database schema, API contract, or broad cross-file refactors.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill's activation criteria are broad and underspecified, so it could be invoked in contexts beyond narrowly scoped refactoring tasks. In an agent system, ambiguous triggering increases the chance this high-capability skill performs code-changing actions when not intended, which can amplify unsafe automation, unintended edits, or misuse across unrelated requests.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal