Coding Agent Runner

Security checks across malware telemetry and agentic risk

Overview

This skill is a documented coding-agent runner, but it recommends unsandboxed autonomous agent runs that can commit, push, and open PRs without a clear review checkpoint.

Install only if you intentionally want a skill that can direct agents to run long-lived coding sessions and modify repositories. Prefer sandboxed modes, review generated diffs before any commit or push, avoid `--yolo` on untrusted repos, and use temporary clones or worktrees for PR review and issue-fix workflows.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly recommends `codex --yolo`, which disables both sandboxing and approval checks, allowing arbitrary file and command execution with no human confirmation. In a coding-agent skill designed for programmatic control and background execution, this materially increases the chance of destructive local changes, secret exposure, or unintended system actions if the prompt or repository content is adversarial.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: This workflow chains `pnpm install`, autonomous agent execution with `codex --yolo`, followed by `git push` and PR creation, effectively automating code execution and remote repository modification. Without an explicit safety checkpoint, it can propagate malicious dependency scripts, bad code changes, or unauthorized commits directly to a remote repo.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal