Security audit

Wave Project Evaluator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent project review skill, but users should review and approve any proposed edits before allowing it to change files or git history.

Install only if you want an agent to assess project quality and optionally help improve it. Use read-only mode unless you explicitly want remediation, review the diff before approving changes, and avoid storing reports for confidential projects if the memory/project-evals path is not appropriate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill goes beyond passive evaluation and instructs the agent to modify repositories via git commit and git revert. Even though these actions are framed as part of a 'ratchet' workflow, they create persistent state changes and rollback operations that can alter project history without an explicitly bounded authorization model, making unintended or user-surprising repository mutations possible.

Context-Inappropriate Capability

Low
Confidence: 84%
Finding
The skill writes evaluation reports into persistent memory storage, which is broader than simple project assessment and can retain project metadata or sensitive details longer than the user expects. In a project-review context this increases data retention risk, especially if reports include proprietary paths, quality issues, or operational notes.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger list contains broad phrases like '评估项目', 'project review', and '优化项目' that can naturally appear in ordinary conversation. Because this skill is capable of recommending and potentially performing file and git mutations, loose activation boundaries raise the chance of accidental invocation in contexts where the user only wanted advice or high-level discussion.

Vague Triggers

Medium
Confidence: 87%
Finding
The scenario triggers are phrased as normal-language requests without defining a safe default mode or explicit consent boundary. In context, this is more dangerous because the skill's workflow includes modifying code, committing changes, reverting history, and writing reports, so ambiguous requests could escalate from analysis into action unexpectedly.

Missing User Warnings

High
Confidence: 97%
Finding
The skill description does not clearly warn users that it may edit project files, create git commits, revert changes, and persist reports to memory. This is dangerous because users may invoke what appears to be a scoring/evaluation tool while unknowingly granting it authority to perform impactful state-changing operations on source code and stored project information.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.