Back to skill

Security audit

bug-fixing

Security checks across malware telemetry and agentic risk

Overview

This is a coherent bug-fixing workflow skill that may edit project files and run local verification commands, including service restarts, but its behavior is disclosed and aligned with its purpose.

Install only if you are comfortable with an agent editing code, running tests/builds, restarting a local backend, clearing Python cache files, and writing project-local bug notes. Keep work under version control, review any process-kill or recursive-delete command before execution, confirm the intended project path and PID, and do not place secrets or private customer data in the persistent bug records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill includes explicit commands to kill Python processes, delete `__pycache__` directories recursively, and restart services without requiring confirmation, scope checks, or a warning about impact. In an agentic execution environment with `execute` permission, this can cause unintended service disruption, terminate unrelated developer processes, or delete files more broadly than intended if run in the wrong directory/context.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.