Code Runner Local

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims by running code locally, but users should treat any snippet it runs as fully trusted software.

Install only if you want an agent to run code on your machine. Review snippets before execution, avoid running untrusted code, and use a disposable container or sandbox for code that might read files, access the network, run shell commands, or modify the system.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill’s invocation guidance is extremely broad—covering generic requests to run, test, verify, or demonstrate code—without meaningful exclusions or stronger trust boundaries. In an agent setting, that increases the chance the skill is invoked for untrusted user-supplied code, which can lead to execution of filesystem, network, or system-command payloads even though the document includes only high-level cautions later.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: This script is intentionally designed to execute user-supplied code across many languages, including shell-capable runtimes, by constructing and invoking system commands with exec(). In an agent-skill context, that creates a real remote code execution surface on the host environment with access to local files, network, installed tools, and interpreter behavior; the timeout only limits duration, not capability.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal