Back to skill

Security audit

Security Audit Enhanced

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local security-audit tool with optional user-invoked report writing and permission tightening, not evidence of hidden or harmful behavior.

Run the audit in read-only mode first and review generated reports before sharing them. Only use --fix or --save-baseline after confirming the target path and output file, because those commands can change file permissions or overwrite a baseline file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises auto-fix and permission-changing workflows such as baseline saves and fix operations without a prominent warning that local configuration files and filesystem permissions will be modified. In an agent context, documentation that normalizes silent remediation increases the chance of unintended state changes, lockouts, or overwriting of security baselines.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal