Locate Code Logic (定位代码逻辑)

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill helps locate relevant code in a workspace and does not request installation scripts, credentials, persistence, or destructive actions.

Install this if you want an agent helper for tracing code from a known entry point to the likely implementation. Be aware it is designed to inspect workspace files and include small code snippets with paths and line numbers in the conversation, so avoid using it on code you do not want surfaced.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger conditions are broad enough to match many ordinary developer requests such as 'find implementation' or 'where is the code,' which can cause the skill to activate when a more appropriate or safer workflow should be used. Ambiguous invocation boundaries increase the chance of incorrect automation, over-collection of repository context, and user confusion about what the tool will do.

VirusTotal

VirusTotal findings are pending for this skill version.
