Sugar Finance Bot
Security checks across malware telemetry and agentic risk
Overview
The visible skill artifacts are coherent developer workflow guidance, with sensitive actions disclosed and generally gated by user direction.
Install only if you want these development and maintainer workflows. Be especially deliberate before running the moderation, production migration, PR publishing, or autoreview helper commands, and use the autoreview --no-yolo option if you do not want nested full-access review.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.