Back to skill

Security audit

Workspace Anchor

Security checks across malware telemetry and agentic risk

Overview

No artifact-backed suspicious behavior was established; the VirusTotal concern alone is not enough to classify the skill as suspicious.

Treat the external scanner warning as a prompt to review the actual SKILL.md and helper files before installation, especially any shell command execution, but do not treat the telemetry alone as evidence of malicious behavior.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
cli.js:22

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
lib/discover.js:103

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
lib/validate.js:51