Back to skill

Security audit

Five Star Reviewers

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent code-review helper, but it defaults to running nested review with full filesystem access and approval bypass, which is broader authority than a review tool normally needs.

Review the privilege defaults before installing. For normal use, prefer running the helper with --no-yolo or AUTOREVIEW_YOLO=0, and disable automatic fallback reviewers if private diffs should not be sent to other AI tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs the agent to create multiple markdown files inside the current project directory as part of normal execution. That is a real safety issue because it causes side effects on the user's repository without an explicit consent or warning, and in many environments those files can pollute the working tree, interfere with tooling, or accidentally be committed.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The protocol explicitly instructs the agent to write multiple review artifacts into the user's repository under docs/five-star-reviewers without requiring confirmation or clearly warning that this will modify the working tree. In a review-oriented skill, these writes are not strictly necessary to complete analysis, so the behavior can create unintended repo changes, dirty working trees, noisy commits, or accidental inclusion of generated content in version control.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.