Security audit
Phy Api Version Audit
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed local source-code auditor that reads project files to report API versioning issues, with no evidence of exfiltration, persistence, credential use, or destructive behavior.
Install only if you are comfortable with the agent running the embedded local Python scanner. When using it, point --root at the narrow API project or routes folder you want audited rather than a whole home directory or unrelated monorepo. VirusTotal was still pending, but the artifact and supplied scans did not show suspicious behavior.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.