cryptolint

Security checks across malware telemetry and agentic risk

Overview

CryptoLint appears to be a local cryptography scanning skill, but the artifact files needed to verify scanner-reported implementation flaws were not present in the workspace.

Install only if you are comfortable with a local scanner reading source files. Prefer setting any license key through a protected environment variable rather than a command-line flag, and review any git hook installation before enabling it because it will run during commits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The tool accepts a license key via '--license-key' and exports it for later use without warning that command-line arguments are commonly exposed through shell history, process listings, CI logs, and audit trails. This can leak the credential to other local users or log consumers, enabling unauthorized license use or account abuse.

VirusTotal

No VirusTotal findings
