Local Cpp Code Review

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only C/C++ local code review skill whose filesystem reading is disclosed and aligned with its purpose.

Before installing or using it, only point it at directories you intend the agent to read. Avoid broad paths that may contain secrets or unrelated proprietary code, and review the generated report before sharing it outside your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly scans local directories and reads source files, but it does not require clear user notice or confirmation before accessing local paths and collecting code content. In an agent environment, this can lead to unintentional exposure of sensitive local source code, secrets embedded in files, or proprietary project structure when a user makes a broad review request.

VirusTotal

65/65 vendors flagged this skill as clean.
