Back to skill

Security audit

Codebase to Course

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: reads a chosen codebase and creates a local interactive course, with no evidence of hidden exfiltration or destructive behavior.

Install only if you are comfortable letting the agent read the selected project or clone the GitHub repo you provide. Avoid running it on folders containing secrets or unrelated private code, and review the generated course before sharing it because it may include exact source-code snippets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are broad enough to match common, non-explicit requests about explaining or teaching code, which can cause the skill to activate when the user did not specifically ask for HTML course generation. In this context, unintended invocation can lead to excessive repository analysis and creation of a large derived artifact, increasing the chance of unnecessary file writes, disclosure of code excerpts into generated output, or disruption of the user's intended workflow.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger description is broad enough that normal conversation about teaching or explaining code could invoke the skill unintentionally. In this skill's context, accidental activation is meaningful because it can lead to repository reads, cloning, and filesystem writes without the user clearly intending those actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs cloning arbitrary GitHub repositories into /tmp without a clear upfront warning or confirmation about network access and local filesystem modification. This is dangerous because remote fetches and local writes expand the trust boundary, may surprise users, and can pull sensitive or untrusted content into the environment.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill directs creation of directories, copying files, writing HTML modules, and assembling output without clearly informing the user that substantial filesystem changes will occur. In an agent setting, undisclosed writes can overwrite files, create clutter, or place generated content in unexpected locations, especially if triggered automatically.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.