ClawHub
Back to skill

Security audit

VS Code Copilot Custom Agent Creator

Security checks across malware telemetry and agentic risk

Overview

This is a text-only helper for creating VS Code Copilot custom agent files, with no hidden scripts or automatic behavior found.

Reasonable to install if you want help writing VS Code Copilot custom agents. Review any generated agent’s tools, MCP access, handoffs, and hooks before using it, especially user-level agents under ~/.copilot/agents because they can persist across workspaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.