SLA Monitor

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only SLA monitoring guide; its Docker and webhook examples are visible and fit the monitoring purpose, though users should run them deliberately.

Safe to install as a monitoring template. Before running the Docker example, verify the image and host exposure, know how to stop or remove the container, keep Slack webhook URLs out of shared files or chats, and review public status page content before publishing it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Low

Confidence: 91% confidence
Finding: The skill includes promotional booking and marketing links in the 'Next Steps' section that are not necessary for performing SLA monitoring setup. In an agent context, this creates a prompt-injection-style steering risk where the agent may prioritize external commercial calls-to-action over the user’s task, and may expose users to unnecessary third-party navigation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal