Back to skill

Security audit

conduxt

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed coding-agent orchestrator, but it can run unattended agents with broad repository permissions, so users should review it carefully before installing.

Install only if you intentionally want an unattended coding-agent orchestrator that can create worktrees, run agents, commit changes, push branches, and open PRs. Prefer explicit session commands, avoid --approve-all unless the repository and task are trusted, keep secrets out of prompts and issue text, and review all generated changes before pushing or merging.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
77% confidence
Finding
Very broad invocation phrases like 'start agent', 'open a session', and 'code this' make accidental or overly-permissive activation more likely. In a skill that can launch agents, create worktrees, write state, and eventually push code, ambiguous triggering materially increases the chance of unintended autonomous actions.

Vague Triggers

Medium
Confidence
73% confidence
Finding
The claim that the skill 'Handles any coding task' leaves activation boundaries undefined and encourages use in situations beyond its safe operating envelope. Because the skill coordinates external agents and can take consequential actions, unclear scope can lead to misuse and over-delegation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill recommends '--approve-all' for unattended execution without pairing it with a prominent warning or mandatory consent step. This removes an important safety checkpoint and allows downstream agents to perform privileged actions automatically, potentially including code modification, command execution, or repo operations the user did not specifically review.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The ACPX launch path explicitly uses `--approve-all`, which removes interactive approval barriers and allows the coding agent to execute actions autonomously based on prompt content. In this skill's context, the prompt includes task text from an external file and is designed to operate on arbitrary repositories, so automatic approval materially increases the risk of unintended or prompt-influenced destructive commands, data exfiltration, or unsafe code changes without user review.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.