Security audit

Phy Log Smell Auditor

Security checks across malware telemetry and agentic risk

Overview

This is a local code-audit skill with one manual code-editing command users should review before running.

Install is reasonable for local logging audits. Treat any generated fix command as a real code change: run the preview first, work in version control, inspect the diff, and avoid bulk log removal in production or audit-sensitive code without manual review.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill provides a bulk deletion command (`find ... | xargs sed -i '/console\.log/d'`) that can modify many source files, yet the warning is minimal and the command is error-prone. In a code-modifying assistant context, encouraging one-command destructive edits without strong safeguards can cause accidental source corruption, unintended deletions, or unsafe use in the wrong path/shell environment.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.