Code Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward code-review skill that only instructs the agent to analyze user-provided code and produce a report.

Install this if you want structured code analysis reports. When using it, point the agent at specific files or directories and avoid including secrets or proprietary code unless you are comfortable having that code read for the review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill advertises very broad trigger phrases like "code analysis", "code review", and "security review", which overlap with many ordinary user requests and can cause ambiguous or unintended activation. In an agent ecosystem, this can route unrelated requests into a powerful file-reading and analysis workflow, increasing the chance of overreach, inappropriate handling of sensitive code, or confusion with more specialized skills.

VirusTotal

64/64 vendors flagged this skill as clean.
