Back to skill

Security audit

claude-code-skill-2

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent coding-helper integration, but it normalizes running a secondary Claude Code process with bypassed permissions and broad project read/write/Bash access.

Install only if you intentionally want your agent to delegate coding work to Claude Code. Before use, verify the target directory, prefer read-only or no-tools modes for review, and require explicit approval before any command using `--permission-mode bypassPermissions`, especially with `--add-dir "$(pwd)"` or repositories containing secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs invoking an external CLI via shell and describes scenarios where that subprocess can directly perform broad project modifications. This expands the agent's effective authority from advisory coding assistance into delegated code execution and file mutation, increasing the chance of unintended edits, unsafe shell actions, or misuse of project access beyond what a user may expect from the manifest description.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The example command uses '--permission-mode bypassPermissions', which removes normal safety gating for the delegated Claude Code process while asking it to review or modify project content. If used on untrusted prompts or sensitive repositories, this can enable unrestricted reading and writing by a secondary model process, increasing the risk of destructive changes, data exposure, or execution of unsafe tool actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill normalizes granting direct read/write capability through bypassed permissions without clearly warning the user about potential modification, deletion, or disclosure of local project files. That omission increases the likelihood that operators invoke a powerful mode without understanding its system and data impact.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The current-working-directory example encourages direct modification of whatever project happens to be active, again with bypassed permissions, but does not warn about accidental edits to the wrong repository, sensitive files, or broad unintended changes. In agent workflows, CWD-based operations are especially risky because context can drift between tasks.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.