Code Security Checks

Security checks across malware telemetry and agentic risk

Overview

This is a checklist-style code security review skill with no executable code, installs, credential requests, persistence, or hidden data movement.

Reasonable to install as a security-review checklist. Invoke it with a clear file, module, or diff scope, do not paste live secrets unnecessarily, verify secret redaction in reports, and ask the publisher to fix the malformed trigger metadata before relying on automatic activation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 96% confidence
Finding: This manifest lists a triggers section, but the value shown as "System.Object[]" does not provide any actual trigger phrases, scope limitations, or exclusion conditions. That makes it unclear what inputs activate the skill and increases the risk of unintended invocation.

VirusTotal

No VirusTotal findings

View on VirusTotal