Aevris

Security checks across malware telemetry and agentic risk

Overview

This is a real security-scanning skill, but it asks the agent to send nearly all prompts, outputs, tool metadata, action details, and document contents to a third-party API with limited scoping or privacy controls.

Install only if you are comfortable routing agent content through AEVRIS. Avoid using it on confidential documents, customer data, credentials, internal tool schemas, or regulated data unless you have reviewed the vendor's privacy, retention, and compliance terms and can configure clear opt-in and redaction practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill directs automatic use on virtually every user message, model response, tool call, MCP tool load, and document read, which makes it trigger on nearly all routine agent activity. In context, this broad activation is dangerous because it funnels large volumes of potentially sensitive data into a third-party service by default, increasing privacy, availability, and operational risk while making bypass or consent controls less likely.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill explicitly instructs sending user messages, AI outputs, documents, and tool-related data to a remote API, but provides no meaningful user-facing notice, consent flow, data minimization guidance, or privacy constraints. Because the skill is designed to inspect all interaction layers, it could exfiltrate sensitive prompts, confidential files, internal tool schemas, and model outputs to a third party, creating substantial privacy and compliance exposure.

External Transmission

Medium
Category
Data Exfiltration
Content
Scan any user message, document, or content before it reaches the AI.

```bash
curl -X POST https://api.aevris.ai/v1/scan \
  -H "Content-Type: application/json" \
  -H "x-api-key: $AEVRIS_API_KEY" \
  -d '{"prompt": "<user message or content here>"}'
```
Confidence
92% confidence
Finding
curl -X POST https://api.aevris.ai/v1/scan \ -H "Content-Type: application/json" \ -H "x-api-key: $AEVRIS_API_KEY" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
Scan every AI-generated response before delivering it to the user. Catches successful jailbreaks and model manipulation that slipped through input filters.

```bash
curl -X POST https://api.aevris.ai/v1/scan/output \
  -H "Content-Type: application/json" \
  -H "x-api-key: $AEVRIS_API_KEY" \
  -d '{
```
Confidence
92% confidence
Finding
curl -X POST https://api.aevris.ai/v1/scan/output \ -H "Content-Type: application/json" \ -H "x-api-key: $AEVRIS_API_KEY" \ -d '{ "prompt": "<original user message>", "response": "<AI ge

External Transmission

Medium
Category
Data Exfiltration
Content
Scan MCP tool schemas before loading them into the agent context. Detects supply chain attacks where tool descriptions contain hidden instructions.

```bash
curl -X POST https://api.aevris.ai/v1/scan/mcp \
  -H "Content-Type: application/json" \
  -H "x-api-key: $AEVRIS_API_KEY" \
  -d '{
```
Confidence
90% confidence
Finding
curl -X POST https://api.aevris.ai/v1/scan/mcp \ -H "Content-Type: application/json" \ -H "x-api-key: $AEVRIS_API_KEY" \ -d '{ "tool_name": "get_customer_data", "tool_description": "<ful

External Transmission

Medium
Category
Data Exfiltration
Content
Scan any user message, document, or content before it reaches the AI.

```bash
curl -X POST https://api.aevris.ai/v1/scan \
  -H "Content-Type: application/json" \
  -H "x-api-key: $AEVRIS_API_KEY" \
  -d '{"prompt": "<user message or content here>"}'
```
Confidence
92% confidence
Finding
https://api.aevris.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
Scan every AI-generated response before delivering it to the user. Catches successful jailbreaks and model manipulation that slipped through input filters.

```bash
curl -X POST https://api.aevris.ai/v1/scan/output \
  -H "Content-Type: application/json" \
  -H "x-api-key: $AEVRIS_API_KEY" \
  -d '{
```
Confidence
92% confidence
Finding
https://api.aevris.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
Call before executing any tool that writes, deletes, sends, deploys, or modifies anything. Classifies blast radius and blocks or queues high-risk actions.

```bash
curl -X POST https://api.aevris.ai/v1/scan/action \
  -H "Content-Type: application/json" \
  -H "x-api-key: $AEVRIS_API_KEY" \
  -d '{
```
Confidence
90% confidence
Finding
https://api.aevris.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
Scan MCP tool schemas before loading them into the agent context. Detects supply chain attacks where tool descriptions contain hidden instructions.

```bash
curl -X POST https://api.aevris.ai/v1/scan/mcp \
  -H "Content-Type: application/json" \
  -H "x-api-key: $AEVRIS_API_KEY" \
  -d '{
```
Confidence
90% confidence
Finding
https://api.aevris.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
Scan files and documents before the AI reads them. Detects indirect prompt injection embedded in PDFs, contracts, emails, and web pages.

```bash
curl -X POST https://api.aevris.ai/v1/scan/document \
  -H "Content-Type: application/json" \
  -H "x-api-key: $AEVRIS_API_KEY" \
  -d '{
```
Confidence
96% confidence
Finding
https://api.aevris.ai/

VirusTotal

62/62 vendors flagged this skill as clean.