Security audit

CR Automated

Security checks across malware telemetry and agentic risk

Overview

This is a coherent code-review helper, but it defaults to running nested Codex review with full filesystem access and approval bypass, which is too broad for a review-only workflow.

Install only if you are comfortable with a review helper that can run repo checks, fetch git/PR metadata, and by default launch nested Codex review with approval bypass and full local access. Prefer using its `--no-yolo` or `AUTOREVIEW_YOLO=0` mode and be aware that fallback reviewers may receive code diffs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Severity: Medium (94% confidence)

The skill is presented as a code-review tool, but it instructs the agent to move beyond review into remediation and repository modification when CI fails on the author's PR. That scope expansion is dangerous because a user who asks for a "review" may unintentionally authorize code changes and pushes, enabling write actions in a workflow that should be read-mostly.

Context-Inappropriate Capability

Severity: Medium (97% confidence)

Embedding `git add`, `git commit` and `git push` commands in a review skill gives the agent direct repository-modifying capability that code review does not need. Triggered in the wrong context, this can cause unauthorized or unintended commits and remote pushes, turning a passive analysis skill into an active code-changing actor.

Vague Triggers

Severity: Medium (84% confidence)

The activation phrases are broad enough to match ordinary requests such as "review this" or "check the code", which raises the chance the skill is invoked in situations the user did not specifically intend. Because the skill also contains operational steps that call external tools and potentially write-capable workflows, overbroad activation materially raises the risk of accidental execution.

VirusTotal

65/65 vendors reported this skill as clean. An antivirus verdict covers known malicious files and signatures; it does not speak to the agentic-risk findings above, which concern what the skill instructs the agent to do rather than any payload in its files.

Static analysis

Detected: suspicious.exposed_secret_literal

Severity: Critical
Location: reference.md:418

File appears to expose a hardcoded API secret or token. Check whether the literal at that location is a real credential or a documentation placeholder; if it is real, revoke and rotate it, because removing it from the file does not undo any exposure that has already happened.
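The two findings that are easiest to check mechanically are the embedded repository-write commands (Context-Inappropriate Capability) and the exposed secret literal reported by static analysis. The following is an added example, not SkillSpector's or the skill's own code, of the kind of line-level scan that produces such findings: it walks a skill's markdown, flags write-capable `git` subcommands, flags the approval-bypass form of the nested-review mode, and reports quoted secret-looking literals only when their Shannon entropy is high enough to rule out placeholders. The rule set, the severities, the finding codes other than `suspicious.exposed_secret_literal`, the `--yolo` / `AUTOREVIEW_YOLO=1` enabling forms (the page names only the disabling forms), the `autoreview` command name and the sample file contents are all assumptions constructed for the example.

```python
import math
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    code: str
    severity: str
    location: str  # "file:line"
    detail: str


# Rules are constructed for this example; they are not SkillSpector's rule set.
# Write-capable git subcommands a review-only skill has no reason to run.
GIT_WRITE_RE = re.compile(r"\bgit\s+(add|commit|push|reset|rebase|checkout)\b")
# Assumed enabling forms of the nested-review bypass mode; the page documents
# only the disabling forms (--no-yolo, AUTOREVIEW_YOLO=0), which must not match.
APPROVAL_BYPASS_RE = re.compile(r"--yolo\b|\bAUTOREVIEW_YOLO=1\b")
# A secret-ish name assigned a quoted literal of 16+ token characters.
SECRET_ASSIGN_RE = re.compile(
    r"(?i)(api[_-]?key|secret|token|password)\s*[:=]\s*[\"']([A-Za-z0-9_./+=-]{16,})[\"']"
)


def shannon_entropy(s: str) -> float:
    """Bits per character: random tokens score ~4.5+, placeholders ~3 or less."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def audit_skill_file(name: str, text: str, entropy_threshold: float = 3.5) -> list:
    """Scan one skill file line by line and return findings in file order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        loc = f"{name}:{lineno}"

        m = SECRET_ASSIGN_RE.search(line)
        if m and shannon_entropy(m.group(2)) >= entropy_threshold:
            value = m.group(2)
            findings.append(Finding(
                "suspicious.exposed_secret_literal", "Critical", loc,
                f"{m.group(1)} assigned high-entropy literal {value[:4]}... ({len(value)} chars)",
            ))

        cmds = sorted({g.group(1) for g in GIT_WRITE_RE.finditer(line)})
        if cmds:
            findings.append(Finding(
                "agency.repo_write_command", "Medium", loc,
                "repository write command(s): git " + ", git ".join(cmds),
            ))

        if APPROVAL_BYPASS_RE.search(line):
            findings.append(Finding(
                "agency.approval_bypass", "High", loc,
                "nested review invoked with approval bypass enabled",
            ))
    return findings


def verdict(findings) -> str:
    """Install decision: block on Critical/High, warn on anything else, pass if empty."""
    if any(f.severity in ("Critical", "High") for f in findings):
        return "block"
    return "warn" if findings else "pass"


# Constructed sample standing in for a skill's reference.md; the key is fake.
SAMPLE_REFERENCE_MD = """\
# Reference (constructed sample, not the audited skill's real file)
Run read-only checks first:
    git diff --stat origin/main...HEAD
    git log --oneline -5
If CI fails on your PR, fix it and run:
    git add -A && git commit -m "fix ci" && git push
Nested review runs as: autoreview --yolo (pass --no-yolo to keep approvals)
export VT_API_KEY="YOUR_API_KEY_HERE"
export VT_API_KEY="sk_live_9xQm2pLzT4vR8nWc1bYd6Ek3"
"""

if __name__ == "__main__":
    results = audit_skill_file("reference.md", SAMPLE_REFERENCE_MD)
    for f in results:
        print(f"{f.severity:8} {f.code:36} {f.location:16} {f.detail}")
    print("verdict:", verdict(results))
```

On the sample, the read-only `git diff` and `git log` lines and the `YOUR_API_KEY_HERE` placeholder produce nothing; the `git add`/`commit`/`push` line, the `--yolo` invocation and the high-entropy key are reported with file:line locations in the same shape as the page's `reference.md:418` finding. The entropy threshold is the knob that trades placeholder noise against missed short keys; tune it against a corpus of known placeholders before trusting the Critical rating.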