Security audit

Lightweight Autoresearch V2

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for local experiment optimization; it asks for code and git access, but that behavior is disclosed and fits its purpose.

Install only if you are comfortable with an agent editing experiment code and running local subprocesses in the chosen target directory. Use a clean branch or disposable worktree, review diffs at each checkpoint, and do not run any external run_loop.py implementation unless you trust and have reviewed it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence: 92%
Finding
This markdown file contains user-facing invocation text, headings, instructions, and examples primarily in Chinese, including the main description and operational guidance. Because the skill does not offer an opt-in language choice or explain that it is intended only for a Chinese-speaking context, it may violate a language/locale policy requiring user choice or justified locale constraints.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.