
Security audit

编程语言迁移 (Programming Language Migration)

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed code-migration workflow, but it gives the agent broad autonomous authority to scan, write, fix, and run project code with limited user checkpoints.

Install only if you want an agent to conduct a full codebase migration, not just give advice. Before using it, set explicit source and target directories, keep the source read-only, review generated diffs frequently, and approve any build/test commands that may execute project scripts or touch external services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (15)

Intent-Code Divergence

Medium severity, 98% confidence

The guidance is incorrect: C `strchr` returns a pointer, or `NULL` when the character is absent, while Python `s.find(c)` returns an integer index, or `-1`. Treating the two as having the same not-found behavior produces logic bugs during migration: a match at index `0` is falsy and is misread as "not found", and `-1` is a valid Python index (the last character), so a miss silently reads the wrong character instead of failing. In a language-migration skill this is more dangerous because the bad mapping can be propagated systematically across an entire translated codebase.
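As an added illustration of this finding (example code written for this audit page, not code from the audited skill), a word-for-word port of a `strchr`-based lookup beside a faithful one. `first_char_after_literal`, `first_char_after`, `divergences` and the `CASES` table are names and inputs constructed for the demonstration:

```python
"""C strchr() vs Python str.find(): the not-found sentinels differ.

strchr returns a pointer, NULL when absent; str.find returns an index,
-1 when absent, and -1 is itself a valid Python index (the last char).
A port that keeps the C control flow inherits two silent bugs.
"""
from typing import List, Optional, Tuple


def first_char_after_literal(s: str, c: str) -> Optional[str]:
    """Word-for-word port of:  p = strchr(s, c); if (p) return p[1];

    Two bugs: a hit at index 0 is falsy, so it is treated as a miss;
    a miss gives -1, which is truthy and then indexes the string.
    """
    p = s.find(c)
    if p:                                  # BUG: 0 is falsy, -1 is truthy
        return s[p + 1] if p + 1 < len(s) else ""
    return None


def strchr(s: str, c: str) -> Optional[int]:
    """Faithful port: None stands in for NULL, never -1."""
    idx = s.find(c)
    return None if idx == -1 else idx


def first_char_after(s: str, c: str) -> Optional[str]:
    """Correct port: test explicitly for the sentinel, then index."""
    p = strchr(s, c)
    if p is None:
        return None
    return s[p + 1] if p + 1 < len(s) else ""   # "" mirrors reading the NUL


# Constructed inputs; the last three expose the two bugs.
CASES: List[Tuple[str, str]] = [
    ("abc", "b"),   # hit in the middle: both ports agree
    ("abc", "c"),   # hit at the end: both return ""
    ("abc", "a"),   # hit at index 0: literal port says "not found"
    ("abc", "z"),   # miss: literal port reads s[0] via -1 + 1
    ("", "a"),      # miss on empty string: literal port returns ""
]


def divergences(cases: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Inputs on which the literal port disagrees with the faithful one."""
    return [(s, c) for s, c in cases
            if first_char_after_literal(s, c) != first_char_after(s, c)]


if __name__ == "__main__":
    for s, c in divergences(CASES):
        print(f"{s!r}, {c!r}: literal={first_char_after_literal(s, c)!r} "
              f"faithful={first_char_after(s, c)!r}")
```

The `strchr` wrapper is the point: by mapping `-1` to `None` once, every caller is forced into an explicit `is None` test and cannot fall into either the falsy-zero or the negative-index trap.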

Context-Inappropriate Capability

Medium severity, 88% confidence

The verification phase is supposed to confirm correctness, but these instructions authorize the agent to autonomously fix findings, re-audit, and modify multiple project artifacts. That broadens the skill from verification into unsupervised code-changing behavior, increasing the chance of unintended or unsafe edits during a stage that should be evidence-focused and human-gated.

Intent-Code Divergence

High severity, 95% confidence

The file presents a strict no-workarounds, human-gated verification model, but then instructs the agent to autonomously fix audit findings until zero remain. This contradiction is dangerous because it can override operator expectations and cause the agent to make substantive project changes under the guise of verification, reducing transparency and weakening human control over risky modifications.

Intent-Code Divergence

High severity, 97% confidence

The document explicitly states that no human involvement is required or permitted inside the PGR loop, which conflicts with the skill's own stated human-gated blocking requirement. In a code-migration skill that can modify project files and advance phases autonomously, removing human approval checkpoints increases the risk of unsafe file changes, premature completion claims, and uncontrolled execution of follow-on actions.

Vague Triggers

Medium severity, 91% confidence

The trigger phrase "port project" is broad enough to activate on ordinary requests without clearly signaling that the skill may create directories, write YAML state, and perform large-scale project-wide operations. In an agent environment, overbroad activation can cause unintended file modifications or workflow takeover when the user only wanted advice, a snippet rewrite, or a narrow conversion task.

Missing User Warnings

Medium severity, 94% confidence

The skill advertises persistent YAML state across sessions without an explicit warning that it will write files into the user's workspace. In agentic tooling, silent persistence is risky because it changes the repository state, may pollute commits, and can surprise users who expected analysis-only behavior.

Missing User Warnings

Medium severity, 96% confidence

These instructions direct creation of a target output tree and multiple workspace files but do not require a user-facing consent step before modifying the filesystem. In a coding-agent context, that is dangerous because broad directory creation and stateful writes can alter repositories, interfere with existing build setups, or create unwanted artifacts without informed approval.

Natural-Language Policy Violations

Medium severity, 92% confidence

The file imposes a blanket policy of `unittest.mock` being 'PROHIBITED' rather than presenting it as a context-dependent recommendation. In a code-migration skill, this can pressure an agent to avoid standard test isolation techniques even when needed for safe validation, reducing user control over tooling choices and potentially encouraging weaker or less practical verification workflows.

Missing User Warnings

Medium severity, 92% confidence

The example `buffer_push` writes to `b->data[b->size++]` with no capacity check, which models an out-of-bounds write if callers push past the allocated buffer size. In a language-migration skill, example code is likely to be copied into real ports, so presenting unsafe memory-write logic without an explicit warning or safe variant meaningfully increases the chance of introducing memory corruption bugs.
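The finding describes the C body only as an unchecked write to `b->data[b->size++]`. As an added example (not the skill's own code), the following shows what a Python port of that routine looks like with and without the capacity check the finding calls for; `Buffer`, `push_literal`, `push_checked` and `fill` are names assumed for the demonstration, and the C comment is a reconstruction from the finding's description:

```python
"""Porting an unchecked `buffer_push` without carrying the bug along.

The C described in the finding is, in effect:
    void buffer_push(buf *b, int v) { b->data[b->size++] = v; }
with no test of b->size against the allocated capacity.
"""
from dataclasses import dataclass, field
from typing import Any, Callable, Iterable, List, Optional, Tuple


@dataclass
class Buffer:
    capacity: int
    data: List[Any] = field(init=False)
    size: int = 0

    def __post_init__(self) -> None:
        # Fixed storage, standing in for the C allocation of `capacity` slots.
        self.data = [None] * self.capacity


def push_literal(b: Buffer, v: Any) -> None:
    """Word-for-word port. Past capacity Python raises IndexError, so the
    C out-of-bounds write becomes an unhandled crash: no longer memory
    corruption, still a bug, and nothing in the code documents the limit."""
    b.data[b.size] = v
    b.size += 1


def push_checked(b: Buffer, v: Any) -> bool:
    """Port with the missing check: refuse the write and tell the caller.
    This is the variant the C example should have shown alongside."""
    if b.size >= b.capacity:
        return False
    b.data[b.size] = v
    b.size += 1
    return True


def fill(push: Callable[[Buffer, Any], Optional[bool]],
         capacity: int, items: Iterable[Any]) -> Tuple[int, Optional[str]]:
    """Push `items` through `push`; return (items stored, how it stopped)."""
    b = Buffer(capacity)
    for v in items:
        try:
            if push(b, v) is False:
                return b.size, "refused"
        except IndexError as exc:
            return b.size, type(exc).__name__
    return b.size, None


if __name__ == "__main__":
    items = [1, 2, 3]   # constructed input: one more item than the buffer holds
    print("literal:", fill(push_literal, 2, items))
    print("checked:", fill(push_checked, 2, items))
```

When reviewing a migration diff, the thing to look for is the second form: the bound that the C source left implicit (or absent) must appear as an explicit test with a defined result, rather than being left to the target runtime's exception behavior.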

Natural-Language Policy Violations

Medium severity, 90% confidence

The file explicitly states "NO EQUIVALENT — mocks prohibited," which imposes a blanket no-mock policy rather than scoping the restriction to specific high-assurance scenarios. In a migration skill, this can pressure the agent to avoid safe and common test-isolation practices, reducing user choice and potentially encouraging risky live integration tests against real services or environments.

Missing User Warnings

Low severity, 81% confidence

The skill instructs the agent to create a workspace directory and copy multiple template files without explicitly requiring user confirmation immediately before making filesystem changes. In an autonomous agent context, this can lead to unintended writes in the user's project tree, especially if paths are misunderstood or the skill is triggered too broadly during migration tasks.

Vague Triggers

Medium severity, 95% confidence

The file defines trigger phrases such as "gap report" and "还差什么" ("what is still missing") that are broad status-style queries rather than narrowly scoped invocations. In an agent skill system, this can cause unintended activation during ordinary conversation, leading the agent to run migration-audit behavior when the user only asked for a generic progress update.

Vague Triggers

Medium severity, 96% confidence

The session-start rule says that if the user's first message is a status question such as "还差什么" ("what is still missing"), "进度怎样" ("how is the progress"), or "gap report", the skill must run before any other task. This creates an especially risky auto-execution path: common onboarding or status questions at the start of a session can trigger file-writing and analysis behavior without a clear user opt-in.

Missing User Warnings

Medium severity, 94% confidence

This section directs the agent to apply fixes and update migration-state.yaml during the audit loop, but does not require any user-facing warning or consent before modifying files. In this skill's context, which emphasizes full-project migration and persistent state across sessions, silent writes can accumulate unintended changes and make it harder for users to control or review agent actions.

Missing User Warnings

Medium severity, 95% confidence

The protocol instructs running shell and build commands such as find, scan scripts, and language-specific builds without a user-facing execution warning or consent gate. Even seemingly routine commands can consume significant resources, execute project-defined scripts, or trigger side effects in an untrusted repository, making autonomous command execution risky.

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.