Security audit

Reorganize Logic

Security checks across malware telemetry and agentic risk

Overview

This skill rebuilds documentation contracts from code and includes a verifier, with deletion handled through a human-reviewed manifest rather than automatic removal.

Install only if you want a deliberate documentation-contract rebuild, not a light doc sync. Run it on a clean branch or with version control available, review the generated deletion manifest carefully, and do not apply deletions until you agree the rebuilt contracts are correct.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The README explicitly states that legacy contracts are deleted and emphasizes rebuild-over-sync behavior, but it does not give a prominent user-facing warning about potential data loss, backups, or safe review procedures before adopting the skill. In a tool designed to replace and remove documentation artifacts, this omission can lead users to run destructive workflows without understanding recovery expectations, increasing the chance of accidental loss of valuable project context.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal