Security audit

Ai Intelligent Audit System

Security checks across malware telemetry and agentic risk

Overview

The skill is a small audit-system description with disclosed manual setup steps, but users should review the external code before running it on sensitive audit data.

Before installing, inspect the referenced GitHub repository and its requirements, prefer a pinned trusted version, and avoid providing real audit, financial, employee, compliance, or IT data until storage, retention, access controls, and external-service use are approved.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: This skill is positioned for internal audit, financial, compliance, and IT audit use cases, all of which commonly involve highly sensitive enterprise data. The documentation provides installation and usage context but omits any warning, limitation, or handling guidance for confidential records, regulated data, or access controls, which increases the chance of unsafe deployment and inappropriate data exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal