AI Security Audit Pro Plugin

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed defensive security-audit plugin that can run scanners and generate reports, with authorization and redaction boundaries stated throughout the artifacts.

Install only if you intend to let your agent run security-audit commands. Use passive/local mode by default, run active scans only on systems you own or are explicitly authorized to test, and keep generated reports controlled because they may contain sensitive findings even when secrets are redacted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The script invokes an active security audit against a live staging website using an explicit authorized mode and deep profile, which can generate intrusive traffic and produce sensitive reports. Because the file contains only the command with no warning, confirmation step, or usage guidance, it increases the chance of accidental execution against a real environment and uncontrolled creation of potentially sensitive artifacts.

VirusTotal

64/64 vendors flagged this plugin as clean.
