Ntriq X402 Code Review

Security checks across malware telemetry and agentic risk

Overview

This is a simple paid remote code-review skill; the main caution is that submitted code is sent to Ntriq’s service and charged per call.

Install only if you are comfortable sending reviewed code to Ntriq’s external service and authorizing the disclosed $0.05 USDC charge per call. Do not submit secrets, credentials, regulated data, or proprietary code unless you have permission and trust the provider’s data handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill asks users to submit arbitrary source code to a third-party HTTPS endpoint for analysis but does not clearly warn that the code leaves the local environment and is transmitted to an external service. Users may unknowingly send proprietary source, credentials, secrets, or regulated data, creating confidentiality and compliance risk even if the service behaves as intended.

VirusTotal

66/66 vendors flagged this skill as clean.
