Laizy

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent coding-orchestration tool, but it can direct agents to run commands and push repository changes without an explicit review gate.

Install only if you trust the Laizy CLI and want agent-driven repository automation. Use a feature branch, inspect generated plans and commands, and require explicit approval before any commit, push, watchdog scheduling, or deletion of old run artifacts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: This markdown file instructs the operator to "archive or remove the old run artifacts," which is a data-affecting file operation. The description does not include any warning about potential loss of prior run history, the need to verify the target path, or that deletion may be irreversible.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal