Back to plugin

Security audit

AI Security Audit Pro Plugin

Security checks across malware telemetry and agentic risk

Overview

This package is a defensive security-audit plugin whose local scanning, report writing, and authorized web checks match its stated purpose.

Install only if you want an agent-assisted security audit workflow. Use active or standard website modes only on systems you own or are explicitly authorized to test, and prefer an isolated workspace when auditing untrusted code because the tool may read project files and invoke installed local scanner tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.env_credential_access

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/security-audit-selftest.mjs:152
Evidence
const child = spawn(process.execPath, args, {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/security-audit.mjs:868
Evidence
const match = rule.matcher.exec(lines[index]);

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/security-audit.mjs:25
Evidence
process.env.SECURITY_AUDIT_TOOLS_DIR