Dependency Guard
Security checks across malware telemetry and agentic risk
Overview
This skill is a coherent dependency-safety guardrail that uses Socket checks before dependency changes, with its credential and CI behavior disclosed.
Install this if you want agents to gate dependency changes through Socket. Use environment variables or Socket login for credentials rather than pasting tokens into prompts, verify the Socket CLI source before installing it globally, and review the optional GitHub Actions permissions before enabling CI comments or issue/PR writes.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
