Security audit

AI Code Review

Security checks across malware telemetry and agentic risk

Overview

This skill mostly describes an AI code-review workflow, but it also claims that its system health checks can auto-restart services such as nginx and Docker, without clearly scoping that capability or including the implementation for review.

Review this carefully before installing. Use it only on repositories and audio you are allowed to send to OpenAI and Discord, use limited-scope API keys and webhooks, and do not run any later-provided health-check or service-restart script unless you have reviewed its source and intentionally granted the system privileges it needs.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 86%
Finding: The skill is presented as an automated code review tool, but the documented health check includes host/service monitoring and automatic restarts of nginx, docker, and other services. This scope expansion creates operational control beyond the declared purpose, increasing the risk that users deploy the skill with elevated privileges and unintentionally grant it broader system-management capability.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding: Documented health-check behavior that monitors unrelated services and performs restarts extends the skill into system administration territory. That mismatch matters because operators may trust a code-review skill with access they would not knowingly grant to a service capable of affecting host availability and service state.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The skill description states that diffs are sent to GPT-4o, audio is transcribed via Whisper, and notifications may be sent to Discord, but it does not prominently warn users that potentially sensitive source code and voice-note content leave the local environment. This creates a meaningful data-handling and privacy risk, especially for proprietary code, secrets embedded in diffs, or confidential review discussions.

VirusTotal

64/64 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.