Security audit

Nex DepCheck

Security checks across malware telemetry and agentic risk

Overview

Nex DepCheck is a local Python dependency scanner with no evidence of hidden network access, credential handling, destructive behavior, or background execution.

Install this if you want a local command-line tool for checking Python skill dependencies. Invoke it explicitly and point it only at the project or file you intend to scan, since directory scans will read Python files under that target path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 83%
Finding:
The trigger phrases are broad and generic, such as 'check imports' and 'check dependencies', which can cause the skill to activate unintentionally in unrelated conversations about code or packaging. Unintended invocation can expose local file paths or cause the agent to perform scans the user did not clearly intend, increasing the chance of accidental data access or disruptive behavior.

VirusTotal

67/67 vendors flagged this skill as clean.
