Back to skill

Security audit

Auto Optimizer

Security checks across malware telemetry and agentic risk

Overview

This performance optimizer is purpose-aligned, but it can rewrite local skill code and persist backups/metrics without clear confirmation, path limits, or working rollback controls.

Install only if you are comfortable with a tool that may edit local skill source files. Use it on a test copy or version-controlled workspace, restrict target paths yourself, and do not rely on dry-run or rollback behavior unless you verify it in the code first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly advertises that it will 'automatically apply' optimizations to code, but the documentation does not clearly warn that source files may be modified, what safeguards exist, or whether changes are reversible. In an agent/skill context, silent or poorly disclosed code modification increases the risk of unintended code changes, breakage, or unsafe transformations being applied without informed user consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.