
Security audit

Code Review

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate code-review guide, but it can tell an agent to fix CI failures and push commits under your GitHub account without a clear approval step.

Install only if you are comfortable with an agent using your GitHub CLI context. Treat it as review-plus-remediation, not read-only review: require confirmation before file edits, commits, pushes, dependency installs, or running repository scripts, and avoid using it on untrusted repositories without a sandbox.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding:
The skill is presented as a code-review tool, but these instructions escalate from analysis into autonomous repository modification, commit creation, and pushing changes when CI fails on the author's PR. That broadens authority from read/review to write/deploy behavior, increasing the chance of unintended or user-unapproved code changes in a workflow that may be invoked by a simple review request.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding:
The documentation describes a review skill, but the operational instructions authorize active remediation and repository writes, creating a capability mismatch that can mislead users about what the skill will do. In security terms, this is dangerous because a low-risk invocation surface ('review this code') can trigger higher-risk actions such as modifying and pushing code without a distinct authorization boundary.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding:
The activation phrases are broad and map to common, innocuous review requests, which raises the likelihood that the skill is invoked unintentionally in contexts where the user only wanted commentary. Because this skill also includes higher-risk operational steps elsewhere, accidental activation materially increases the chance of overreach and unintended command execution or code changes.

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: reference.md:418