Back to skill

Security audit

Code Review

Security checks across malware telemetry and agentic risk

Overview

This code-review skill is purpose-aligned and disclosed, but users should treat AI mode as sending reviewed source code to the configured model provider.

Install if you are comfortable with the provider you configure. For proprietary or sensitive repositories, leave external model API keys unset or use local Ollama, and avoid reviewing files that contain secrets unless your organization permits sending that code to the selected provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The README makes a potentially misleading privacy/data-handling claim: it says the software does not transmit data externally unless explicitly configured by the user, while the product description highlights support for Anthropic and OpenAI models, which commonly require sending code or data to external services. In a code-review tool, users may paste proprietary source code or secrets, so unclear disclosure about when data leaves the machine can create real confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The review() flow reads full file contents and, when a model is configured, sends the code and local findings to external providers such as Anthropic or OpenAI. In a code-review skill, this is contextually significant because source files may contain proprietary code, credentials, internal URLs, or personal data, and the transfer occurs without any explicit consent gate, warning, redaction step, or provider allowlist beyond model selection.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.