Back to skill

Security audit

Code Fix

Security checks across malware telemetry and agentic risk

Overview

This debugging skill is coherent and purpose-aligned, with only ordinary code-repair commands that users should run carefully.

Install only if you want an agent to help debug and edit code. Before allowing cleanup commands such as deleting node_modules, cleaning caches, force reinstalling packages, or cargo clean, confirm the project scope and understand that these can remove local dependency state and take time to rebuild.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill includes shell commands that can delete directories and force-clear caches, such as removing node_modules and running cache-clean operations, but it does not require an explicit confirmation or warn about side effects. In a debugging skill with Bash access, this can lead the agent to perform destructive or environment-altering actions on a user's workspace without informed consent, potentially causing data loss, long reinstall times, or disruption of local state.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.