First Seen
Feb 19, 2026
Last Scanned
Feb 22, 2026
Findings
3
Score
84/100
Findings (3)
Detects autonomous sub-agent or cron-based execution without human oversight
isolated session + autonomousRemove directives that force the agent to call specific tools or APIs not required for the skill's stated functionality. Tool calls should be determined by user intent, not embedded directives.
Likely FP if the skill legitimately needs to call other tools as part of its workflow (e.g., a deployment skill that calls git and cloud CLI tools).
Detects automatic package or skill updates via cron or scheduled tasks without verification
update --allAvoid installing packages from private or unofficial registries specified in skill instructions. Verify the registry URL is legitimate and use scoped packages with registry configuration.
Likely FP if the private registry is a well-known enterprise registry (e.g., GitHub Packages, Artifactory) documented in the project setup.
Detects global installation of packages which affects the host system
npm install -g oReplace npm install -g with a local install (npm install --save-dev) or use npx with a pinned version. Global installs modify the system and risk supply chain attacks.
Likely FP if the global install is for a well-known CLI tool (e.g., typescript, eslint) in setup documentation, though the supply chain risk remains real.