Karpathy Coding Guidelines
Security checks across malware telemetry and agentic risk
Overview
This is an instruction-only coding guidance skill with no code execution, installation scripts, credential access, persistence, or hidden data handling.
Before installing, understand that this skill changes how an agent approaches coding tasks by encouraging more cautious planning and verification. It does not appear to run code or access data by itself; review the guidance for fit with your workflow and continue checking generated diffs and tests normally.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
60/60 vendors flagged this skill as clean.