Back to skill

Security audit

Skill Auditor Pro

Security checks across malware telemetry and agentic risk

Overview

This is a coherent skill-security scanner with a few hygiene and accuracy caveats, not evidence of malicious behavior.

Install only if you are comfortable running a shell-based helper. Treat its results as advisory rather than complete security proof, scan only specific skill directories, do not run it with sudo, treat exported suspicious snippets as untrusted, and delete any /tmp/skill-audit-*-suspicious.txt file after review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script copies suspicious code excerpts into a predictable file under /tmp, which can expose potentially sensitive content from scanned skills to other local users or processes depending on system permissions and tmp handling. Because these snippets may include secrets, malware payloads, or proprietary code, this creates an unnecessary data exposure risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.