Autoresearch Pilot
Security checks across malware telemetry and agentic risk
Overview
The skill bundle is mostly coherent, but one bundled review helper grants broad local authority and can automatically send code diffs to fallback reviewer tools.
Install only if you are comfortable with repository-maintenance skills that can invoke local CLIs, GitHub/Convex operations, and moderator tools. For autoreview, prefer `--no-yolo` or `AUTOREVIEW_YOLO=0`, and set `--fallback-reviewer none` unless you explicitly want code diffs sent to another reviewer CLI.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.