Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
Security checks across static analysis, malware telemetry, and agentic risk
Overview
No artifact-backed suspicious behavior could be confirmed from the accessible evidence; file inspection was unavailable in this run.
Because the artifact files could not be inspected in this run, treat this as a low-confidence benign review. Before installing, confirm the skill only uses Reddit OAuth credentials, stores tokens in the documented location, and sends network requests only to Reddit endpoints.
SkillSpector
By NVIDIA
SkillSpector findings are pending for this release.
Static analysis
Env credential access
Critical
- Finding
- Environment variable access combined with network send.
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
Potential exfiltration
Warn
- Finding
- Sensitive-looking file read is paired with a network send.
VirusTotal
65/65 vendors flagged this skill as clean.