Jarvis Codebase Mapper 01

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only planning skill for codebase mapping and development workflow organization, with no evidence of hidden access, persistence, credential use, or unsafe automation.

This skill is reasonable to install for planning and codebase-orientation work. Review any commands or checklists it suggests before running them, especially in production repositories, because the skill can generate practical command sequences even though it does not execute them itself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The description is broad enough to activate on many generic development requests, not just codebase mapping. Overly broad activation increases the chance the skill is invoked outside its intended scope, which can bypass more appropriate specialized workflows and lead to irrelevant or lower-quality guidance being applied in sensitive engineering contexts.

Vague Triggers

Medium
Confidence: 94%
Finding
The example prompts are generic planning requests that do not anchor usage to codebase mapping. This broadens trigger conditions and can cause the skill to be selected for everyday planning tasks, creating scope confusion and reducing assurance that users receive domain-appropriate instructions.

VirusTotal

64/64 vendors flagged this skill as clean.
