Back to skill

Security audit

argus

Security checks across malware telemetry and agentic risk

Overview

Argus is a coherent testing automation skill, but it can persist a Git hook, install browser-testing dependencies, and amend commits without clear confirmation gates.

Install only if you want repository-level testing automation that persists under .argus and can modify Git hook behavior. Review .git/hooks/post-commit after initialization, require manual approval before any git commit --amend, run it in a virtual environment or container when possible, and use only local/test services with minimal test tokens.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill instructs automatic installation of Python packages and browser binaries during frontend test execution, which expands system state and network-facing behavior beyond ordinary test running. In an agent context this is dangerous because it can modify the host environment, pull unpinned third-party code, and surprise users who only intended local test execution.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README advertises automatic commit monitoring and a persistent git hook (`.argus/commit-hook.sh`) but does not clearly warn users that enabling the skill can modify repository behavior beyond a single run. In a developer tool, silent or under-disclosed persistence is risky because it can surprise users, affect future commits, and create a trust boundary issue around ongoing local code execution.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README states that all dependencies are automatically installed on first run, but it does not warn users about package installation, network access, or system/environment changes. Auto-install behavior in a testing skill is especially sensitive because it may execute package managers, alter environments, and pull unreviewed code from external sources without explicit informed consent.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases include broad language such as 'run tests' and 'check this commit', which can match common user requests and cause the skill to activate unexpectedly. In this skill, accidental activation is more serious because the skill can write files, install a git hook, amend commits, and potentially install dependencies.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill initializes a post-commit hook and later amends commit messages, but the description does not prominently warn users that local git behavior and history may be modified. This is dangerous because users may unknowingly alter repository state, affect collaboration workflows, or rewrite commits in ways that are difficult to notice or undo.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The frontend phase may install Python dependencies and Chromium, but this behavior is not clearly disclosed in the skill description. Hidden installation behavior is risky in agent-driven environments because it changes the runtime, consumes network and disk resources, and may violate user expectations or enterprise controls.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.