Back to skill

Security audit

Systematic Debugging

Security checks across malware telemetry and agentic risk

Overview

This is a debugging guide, but it includes broad diagnostic guidance that could expose Mac keychain and code-signing identity details.

Review the skill before installing. It is reasonable as a debugging workflow, but do not let an agent run or paste keychain, signing-identity, or environment diagnostics unless you are specifically debugging code signing and can keep the output private or redact it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Credential Access

High
Category
Privilege Escalation
Content
env | grep IDENTITY || echo "IDENTITY not in environment"

   # Layer 3: Signing script
   echo "=== Keychain state: ==="
   security list-keychains
   security find-identity -v
Confidence
88% confidence
Finding
Keychain

Credential Access

High
Category
Privilege Escalation
Content
# Layer 3: Signing script
   echo "=== Keychain state: ==="
   security list-keychains
   security find-identity -v

   # Layer 4: Actual signing
Confidence
90% confidence
Finding
keychain

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.