Security audit
Agentlens
Security checks across malware telemetry and agentic risk
Overview
AgentLens appears to be a documentation-navigation skill that helps an agent read project structure, with no evidence of code execution, persistence, or data exfiltration.
This looks safe to install for codebase-documentation navigation. As with any skill that guides an agent’s reading workflow, install it only if you want the agent to consult .agentlens documentation in your repositories, and review those project-local docs if they come from an untrusted source.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
