Chuyao Aa

Security checks across malware telemetry and agentic risk

Overview

This skill coherently helps generate Spring Boot wrappers for MTL APIs, with manageable risks around credentials and verbose logging.

Install this only in projects where you intend to generate MTL Spring Boot API wrapper code. Review generated diffs, keep clientIdentifier and token out of committed source code, and treat optional request/response logs as sensitive because they may contain business data, identifiers, or secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The optional logging snippet records full serialized request and response objects, which can include sensitive query parameters, request bodies, authentication-related values, internal API data, and exception details. Because the skill does not clearly warn users about this behavior or require redaction, it can lead to unintended exposure of sensitive data in application logs and downstream log systems.

VirusTotal

65/65 vendors flagged this skill as clean.
