Back to skill

Security audit

Writes ralph loops for you that you can copy and paste

Security checks across malware telemetry and agentic risk

Overview

The skill does not run code itself, but it creates ready-to-run agent automation loops that default to approval-bypass behavior without enough safety gating.

Install only if you understand agentic CLI automation. Before running any generated command, inspect it, remove approval-bypass flags unless you deliberately need them, avoid sensitive content in PROMPT.md, prefer fixed iteration limits and stop files, and test in a version-controlled or disposable workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly tells users to copy a generated terminal command, paste it into a shell, and press Enter without first reviewing it. Because this skill generates automation loop commands for shells such as PowerShell, CMD, and Bash, encouraging direct execution increases the risk of command injection, destructive shell behavior, or unsafe repeated execution if the generated command is wrong or manipulated.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs the agent to create a timestamped file in the current directory without an explicit warning or confirmation that it will modify the user's filesystem. In agent environments, silent writes can surprise users, overwrite expectations, or be abused in sensitive directories, especially when the generated artifact contains executable commands.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill recommends automation commands using flags such as `--dangerously-skip-permissions` and `--yolo`, which disable or bypass approval safeguards while repeatedly feeding PROMPT.md into an agentic tool. This materially increases the chance of destructive or unintended autonomous actions, especially because the generated loops can run multiple times or indefinitely.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill states that `grok-auto` sends PROMPT.md content to the xAI API directly, but it does not warn users that local file contents may leave the machine and be transmitted to a third party. If PROMPT.md contains secrets, proprietary code, or personal data, users may disclose sensitive information without realizing it.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- gemini-2.5-pro: `Get-Content PROMPT.md -Raw | gemini --model gemini-2.5-pro --yolo`

**For Grok CLI (PowerShell):**
- Default: `Get-Content PROMPT.md -Raw | grok-auto` (uses default model from GROK_MODEL env var, auto-approves permissions)
- grok-code-fast-1: `Get-Content PROMPT.md -Raw | grok-auto -m grok-code-fast-1`
- grok-4-latest: `Get-Content PROMPT.md -Raw | grok-auto -m grok-4-latest`
- grok-beta: `Get-Content PROMPT.md -Raw | grok-auto -m grok-beta`
Confidence
95% confidence
Finding
auto-approve

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.