Ts Interface Miner

Security checks across malware telemetry and agentic risk

Overview

This is a TypeScript API documentation helper with no executable code, hidden persistence, credential use, or destructive behavior.

Install this only if you want an assistant to inspect TypeScript API code and generate Markdown tables. Avoid using it on proprietary or sensitive repositories unless you are comfortable with relevant API paths, type structures, comments, and snippets appearing in the conversation output.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill activates on very broad, common user intents such as '分析 API', '查找接口', or providing a file path plus a generic documentation request. In an agent system, this can cause unintended auto-invocation, pulling the model into processing code and generating structured output in situations where the user did not clearly request this specific skill, increasing prompt-scope confusion and misrouting risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal