Back to skill

Security audit

legacy-modernizer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only legacy modernization advisor with broad but disclosed guidance and no hidden code or install-time behavior.

Safe to install as a planning and modernization advisor. Before letting it modify code, databases, authentication, CI/CD, cloud settings, analytics, or deployments, define the target scope, require human approval, keep backups and rollback plans, and treat claims like zero disruption or risk-free modernization as goals rather than guarantees.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill's invocation and operational scope are broadly defined ('When invoked' followed by generic modernization steps) without clear trigger phrases, boundaries, or exclusions. This can cause the agent to activate in unintended contexts and perform overly broad analysis or modification guidance, which is risky for a high-impact skill that touches legacy systems, migrations, deployments, and security-sensitive changes.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.