Back to skill

Security audit

Ralph Wiggum Loop

Security checks across malware telemetry and agentic risk

Overview

This is a user-run LM Studio code improvement tool, but users should avoid sending sensitive code to untrusted LLM endpoints or models.

Install only if you trust the packaged files or the referenced GitHub repository. Keep LMSTUDIO_URL on localhost unless you intentionally trust the remote endpoint, do not run it on code containing secrets, and review any generated or rewritten code before using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The analyzer sends the full supplied source code and optional context to an external chat-completions API, which can expose proprietary code, secrets, credentials, or personal data embedded in the analyzed file. Because the transfer happens automatically and the endpoint is configurable, users may unintentionally exfiltrate sensitive content to a remote service or attacker-controlled endpoint.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code performs the outbound POST of analyzed content without any user-facing warning, confirmation, or dry-run indication. In a code-review skill, users may reasonably expect analysis to remain local unless clearly told otherwise, so silent transmission materially raises confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script sends source code and prompt content to the LM Studio chat/completions API with no explicit warning, confirmation, or disclosure at the point of use. Even if LM Studio is local by default, the endpoint is configurable via LMSTUDIO_URL, so sensitive code or secrets may be transmitted to a remote service unexpectedly.

Ssd 4

Medium
Confidence
94% confidence
Finding
Untrusted 'context' is inserted directly into the user prompt ahead of the code being reviewed, giving an attacker a place to inject instructions that can bias or suppress the model's analysis. This is a prompt-injection issue: although it may not directly execute code, it can undermine the integrity of the review output and cause dangerous false negatives or manipulated findings.

Ssd 1

Medium
Confidence
97% confidence
Finding
The model selection logic explicitly prefers models labeled 'uncensored' or 'liberated', which semantically biases the system toward models that may have fewer safety restrictions. In a generic code/text generation tool, this increases the likelihood of producing unsafe, policy-bypassing, or harmful outputs when given adversarial or risky prompts, especially because the tool forwards user-controlled task/context/input directly to the model.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.