Back to skill

Security audit

authaudit

Security checks across malware telemetry and agentic risk

Overview

AuthAudit mostly behaves like a local auth-security scanner, but its license-token parsing can run attacker-controlled code from a crafted license key.

Review this skill before installing in a sensitive environment. The scanner itself appears local and purpose-aligned, but only use license keys from a trusted source and avoid storing or testing untrusted JWT/license strings because the current license parser can execute crafted payloads locally. Install git hooks only in repositories where you want AuthAudit to run automatically on future commits or pushes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/patterns.sh:241