Back to skill

Security audit

根据用户输入的需求描述生成测试用例

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent local test-case generator with helper scripts, and no hidden data collection, credential access, or destructive behavior was found.

Install if you are comfortable running local Python helper scripts on your own requirement and test-case files. Choose input and output paths deliberately, keep backups before using batch update commands that overwrite JSON files, and install optional dependencies only from trusted package sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
print(f"命令:{command}")
    
    try:
        result = subprocess.run(
            command,
            shell=True,
            capture_output=True,
Confidence
96% confidence
Finding
result = subprocess.run( command, shell=True, capture_output=True, text=True, timeout=30 )

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.