Semanticfs

Security checks across malware telemetry and agentic risk

Overview

The skill’s local search purpose is coherent, but it asks users to install unreviewed live code and create a persistent searchable index and background local server without enough cleanup or access-boundary guidance.

Install only if you are comfortable trusting the upstream SemanticFS repository and installer. Review the install script first, prefer a pinned release or checksum if available, index only specific project directories, exclude secrets and private data, confirm where the local index is stored, and stop the local server when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

External Script Fetching

Low
Category: Supply Chain
Content:
```bash
# Install (Linux/macOS)
curl -sSfL https://raw.githubusercontent.com/Navneeth08k/semanticFS/main/scripts/install.sh | bash

# Index your workspace
semanticfs --config ~/semanticfs.toml index build
```
Confidence: 99%
Finding: `curl -sSfL https://raw.githubusercontent.com/Navneeth08k/semanticFS/main/scripts/install.sh | bash`

Chaining Abuse

High
Category: Tool Misuse
Content:
```bash
# Install (Linux/macOS)
curl -sSfL https://raw.githubusercontent.com/Navneeth08k/semanticFS/main/scripts/install.sh | bash

# Index your workspace
semanticfs --config ~/semanticfs.toml index build
```
Confidence: 99%
Finding: `| bash`

VirusTotal

VirusTotal findings are pending for this skill version.
