VibeSafe — Security Pre-Flight for AI Coding Agents
Security checks across malware telemetry and agentic risk
Overview
This skill is a transparent dependency-audit workflow with no evidence of hidden or malicious behavior.
Before installing, be comfortable with the agent running local audit commands and public vulnerability lookups. Review any external scripts from the linked repository before executing them, approve package installs like pip-audit if you want tighter environment control, and treat generated audit certificates as time-limited evidence rather than a permanent security guarantee.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.