Security audit

Spec Developer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed spec-driven development helper that can modify project files and run a fixed local test script when the user invokes its commands.

Install this only if you want an agent to manage spec files, task lists, implementation work, and a local test script in your repository. Use version control, invoke /spec-execute only on specs you trust, and review diffs, task renumbering, and test output before committing changes.

SkillSpector (by NVIDIA)

Vulnerability patterns checked
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Finding 1: Missing User Warnings
Severity: Medium (95% confidence)
The skill explicitly instructs the agent to generate a filename, read a template, and write a new spec file, but it does not warn the user that invoking the command will modify repository contents. In an agent setting, silent file creation is dangerous because users may expect planning help rather than immediate persistence, leading to unintended changes or abuse in sensitive repos.

Finding 2: Missing User Warnings
Severity: Medium (96% confidence)
This command reads a spec and appends extracted tasks into specs/tasks.md while renumbering tasks, but the skill provides no warning that it will mutate an existing shared task-tracking file. That can cause unintended project-state changes, merge conflicts, or corruption of task numbering if run in the wrong repository context.

Finding 3: Missing User Warnings
Severity: High (99% confidence)
The execute flow authorizes a broad autonomous loop that creates tasks, edits code, writes tests, runs scripts, updates task files, and marks specs implemented, all without any explicit user-approval checkpoint. In a coding agent, this is high risk because it combines extensive repository modification with command execution, making accidental destructive changes or unsafe script execution much more likely.
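The three findings and the overview's advice all come down to the same review step: after the agent has run, find out which files it created or changed and check that specs/tasks.md was only appended to, not reordered or renumbered in a way that breaks existing task identities. The following is an added example of such a pre-commit review helper; it is not part of the skill or of the SkillSpector audit. It assumes a snapshot of the repository as a path-to-content mapping (e.g. captured with git before and after invoking /spec-execute) and assumes a task-list format of "N. description" per line, which is a constructed convention, not one the page documents.

```python
"""Review helper for changes made by an autonomous spec/task agent.

Added example, not the skill's own code. Assumes repository snapshots as
{path: content} dicts and a constructed task format of "N. description".
"""
import re
from typing import Dict, List, Tuple

# Matches "3. Implement parser"; the numbering format is an assumption.
TASK_RE = re.compile(r"^\s*(\d+)\.\s+(.*\S)\s*$")


def parse_tasks(text: str) -> List[Tuple[int, str]]:
    """Return (number, description) pairs found in a numbered task list."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line)
        if m:
            tasks.append((int(m.group(1)), m.group(2)))
    return tasks


def check_renumbering(before: str, after: str) -> List[str]:
    """Describe how a task file was mutated in ways a reviewer should reject.

    Accepted: existing tasks kept with the same text and relative order,
    numbering sequential from 1 with no gaps or duplicates, new tasks only
    appended. Anything else is reported as a problem string.
    """
    problems = []
    old = parse_tasks(before)
    new = parse_tasks(after)

    nums = [n for n, _ in new]
    if nums != list(range(1, len(new) + 1)):
        problems.append(f"numbering not sequential: {nums}")

    old_texts = [t for _, t in old]
    new_texts = [t for _, t in new]
    if new_texts[: len(old_texts)] != old_texts:
        missing = [t for t in old_texts if t not in new_texts]
        if missing:
            problems.append(f"existing tasks dropped: {missing}")
        else:
            problems.append(
                "existing tasks reordered or edited; new tasks must only be appended"
            )
    return problems


def diff_snapshot(before: Dict[str, str], after: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify files as created, deleted or modified between two snapshots."""
    return {
        "created": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before if p in after and before[p] != after[p]),
    }


def review(before: Dict[str, str], after: Dict[str, str],
           task_file: str = "specs/tasks.md") -> Dict[str, List[str]]:
    """Full report: file-level changes plus task-file integrity problems."""
    report = diff_snapshot(before, after)
    report["task_problems"] = []
    if task_file in before and task_file in after:
        report["task_problems"] = check_renumbering(before[task_file], after[task_file])
    return report


# Constructed sample snapshots (not real repository contents).
BEFORE = {
    "specs/tasks.md": "1. Write parser\n2. Add tests\n",
    "src/app.py": "print('hello')\n",
}
# Agent appended one task and silently created a new spec file.
AFTER_OK = {
    "specs/tasks.md": "1. Write parser\n2. Add tests\n3. Add CLI\n",
    "src/app.py": "print('hello')\n",
    "specs/cli-spec.md": "# CLI spec\n",
}
# Agent renumbered existing tasks out of order while appending.
AFTER_BAD = {
    "specs/tasks.md": "1. Add tests\n2. Add CLI\n3. Write parser\n",
    "src/app.py": "print('hello')\n",
}

if __name__ == "__main__":
    for name, after in (("ok", AFTER_OK), ("bad", AFTER_BAD)):
        print(name, review(BEFORE, after))
```

The "created" list surfaces the silent spec-file creation from Finding 1 even when no warning was shown, and "task_problems" flags the renumbering corruption from Finding 2; run it (or an equivalent git diff review) before committing, as the overview recommends, rather than trusting the agent's own "implemented" marker from Finding 3.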

VirusTotal

66/66 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.