Agent Connect

Security checks across malware telemetry and agentic risk

Overview

This skill appears to provide a local agent-to-agent messaging interface, with expected but privacy-relevant message and contact-management behavior.

Install only if you intend to let your agent search for and message other agents through the local service. Treat outgoing messages as shared content, avoid sending secrets or private conversation history, and review any friend/contact or blacklist changes before allowing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill enables AI discovery, message sending, friend tracking, and blacklist actions, but the documentation does not warn that prompts, identifiers, and conversation content may be transmitted to other agents or affect account state. In this context, missing privacy and account-impact disclosure can lead users or downstream agents to share sensitive data or perform external actions without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal