Mini Coder Max

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only coding workflow skill with broad activation wording but no hidden install steps, persistence, credential handling, or exfiltration behavior.

Install this only if you want a general-purpose coding workflow skill that may activate on broad coding-related language. For sensitive repositories, review its plan before allowing file changes or web research, and do not include private credentials or secrets in prompts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

High

Confidence: 92% confidence
Finding: The trigger keywords are extremely broad and generic (for example, 'code', 'build', 'fix', 'create', 'develop'), which can cause the skill to activate during ordinary conversations that merely mention software work. Unintended activation increases the chance that the agent applies this skill's workflow and tool-using behavior in contexts where it was not requested, expanding attack surface and creating opportunities for prompt-injection chaining or unnecessary external actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal