Codon

Security checks across malware telemetry and agentic risk

Overview

Codon appears to be a legitimate local memory organizer that creates a workspace MEMORY folder without hidden network, credential, destructive, or privilege behavior.

Install this only if you want the agent to keep persistent notes in your workspace. Review the MEMORY/ folder periodically and avoid storing secrets or sensitive personal/business data unless you are comfortable keeping it in local markdown files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 86%
Finding
This markdown file states that the skill creates a `MEMORY/` directory in the user's workspace, which is a file-system modification affecting user data. The description explains what happens, but it does not explicitly warn the user that installing or initializing the skill will write files into the current workspace.

VirusTotal

66/66 vendors flagged this skill as clean.
