Back to skill

Security audit

Coding Agent

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is coherent for delegating coding work, but it normalizes high-autonomy agents that can change code, install dependencies, push branches, and post to GitHub with limited review gates.

Install only if you intentionally want a skill that can launch autonomous coding agents against your repositories. Prefer temp clones or worktrees, avoid directories containing secrets, monitor background logs, and require explicit approval before using bypassPermissions, --full-auto, --yolo, dependency installs, pushes, PR creation, or GitHub comments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill explicitly recommends high-autonomy modes such as Codex `--full-auto` and `--yolo`, including a mode described as having no sandbox and no approvals. In a delegation skill, this materially expands the agent's ability to make unreviewed code and environment changes, increasing the chance of destructive edits, data exposure, or unintended command execution.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The guidance goes beyond local delegation by instructing the agent to post results directly to GitHub with `gh pr comment`. That grants remote write behavior to an external service, which can leak sensitive review content, spam repositories, or let an autonomous run take externally visible actions without a review gate.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill recommends Claude Code with `--permission-mode bypassPermissions`, which disables normal permission checks, but does not pair that advice with a strong safety warning or narrow execution constraints. This can let the delegated agent perform unrestricted file and system actions in the working directory or accessible environment with minimal friction.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The examples normalize Codex `--yolo` usage in build/refactor workflows even though the skill itself notes it means no sandbox and no approvals. Presenting this as a routine option makes unsafe execution more likely and can lead to unreviewed destructive changes, credential misuse, or arbitrary command execution inside the project environment.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This workflow instructs autonomous dependency installation, issue fixing, commit creation, push, and PR creation in parallel worktrees. Those steps can alter repositories and remote state at scale without a human review checkpoint, increasing the blast radius of bad edits, supply-chain risks from installs, and accidental publication of flawed or sensitive changes.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
| --------------- | -------------------------------------------------- |
| `exec "prompt"` | One-shot execution, exits when done                |
| `--full-auto`   | Sandboxed but auto-approves in workspace           |
| `--yolo`        | NO sandbox, NO approvals (fastest, most dangerous) |

### Building/Creating
Confidence
90% confidence
Finding
NO approval

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
| Flag            | Effect                                             |
| --------------- | -------------------------------------------------- |
| `exec "prompt"` | One-shot execution, exits when done                |
| `--full-auto`   | Sandboxed but auto-approves in workspace           |
| `--yolo`        | NO sandbox, NO approvals (fastest, most dangerous) |

### Building/Creating
Confidence
82% confidence
Finding
auto-approve

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- If an agent fails/hangs, respawn it or ask the user for direction, but don't silently take over.
3. **Be patient** - don't kill sessions because they're "slow"
4. **Monitor with process:log** - check progress without interfering
5. **--full-auto for building** - auto-approves changes
6. **vanilla for reviewing** - no special flags needed
7. **Parallel is OK** - run many Codex processes at once for batch work
8. **NEVER start Codex in ~/.openclaw/** - it'll read your soul docs and get weird ideas about the org chart!
Confidence
79% confidence
Finding
auto-approve

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.