Security audit

Auto Research Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local machine-learning experimentation workflow that edits and runs its own training script, with no evidence of hidden data access, network use, persistence, or destructive behavior.

Install this only if you want an agent to edit and run local ML training code. Use a dedicated project or sandbox, review train.py changes before running, set practical time and GPU limits, and avoid placing secrets or private data in program.md or experiment logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding
The skill explicitly instructs the agent to inspect, modify, and run `train.py` without requiring user confirmation or warning about code execution, file modification, and possible resource consumption. In a skill designed around iterative experimentation, this increases the chance of unreviewed code changes or execution of unsafe project code in the local environment.

Missing User Warnings

Severity: Medium
Confidence: 90%

Finding
The quick-start section directs users/agents to run `python train.py` directly, but does not disclose CPU/GPU usage, runtime, dependency, disk, or side-effect risks. Because `train.py` is intended to be agent-modified, encouraging direct execution without safety guidance can expose users to arbitrary code execution and unintended system impact.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.dynamic_code_execution

Dynamic code execution detected.

Severity: Critical
Code: suspicious.dynamic_code_execution
Location: train.py:105