Monitoring Plus

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only monitoring skill, but users should avoid copying its example secrets or disabled Loki authentication into production.

Install is reasonable for reference use. Before using the snippets in a real environment, replace all example credentials with secret-manager or environment-variable references, do not commit real tokens, and do not deploy Loki with auth disabled unless it is isolated and otherwise protected.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill includes example configurations with hardcoded credential placeholders for SMTP, PagerDuty, and Slack, and it also sets `auth_enabled: false` in the Loki configuration without any warning about the security implications. In a monitoring/observability skill, users may copy these snippets directly into production-like environments, which can lead to exposed secrets, unauthenticated log access, or insecure default deployments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal