Stop Asking and Just Do It

Security checks across malware telemetry and agentic risk

Overview

This is not malware, but it gives an agent broad autonomy to change code with few approval checkpoints.

Install this only if you intentionally want a coding agent to work with high autonomy. Use version control, review diffs carefully, and add your own rule requiring confirmation before destructive edits, dependency changes, migrations, production config changes, secrets handling, or large refactors.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: High
Confidence: 95%
Finding: The skill is configured to trigger on essentially any coding-related request, which creates unsafe scope capture: a generic autonomy policy can override more task-specific safeguards and push the agent into making changes without explicit user confirmation. In an agentic coding environment, overly broad activation increases the chance of unintended file edits, privilege misuse, or risky operations being applied in contexts where tighter controls are needed.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The instructions strongly encourage autonomous modification of the codebase but omit safety boundaries around data loss, production integrity, secrets handling, and destructive actions. That omission is dangerous because it biases the agent toward execution speed over risk assessment, making harmful changes more likely during ambiguous or high-impact tasks.

VirusTotal

64/64 vendors flagged this skill as clean.