AI Startup Scout

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed external lookup skill for AI startup funding data, but users should treat its raw non-HTTPS IP endpoint and per-call pricing cautiously.

Use only if you are comfortable sending startup-search filters and queries to the listed third-party HTTP endpoint. Avoid confidential investment plans, private company data, credentials, or regulated information, and verify the provider and billing behavior before allowing paid requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium, 92% confidence
Finding
The skill instructs users to call a raw external HTTP endpoint by IP address, which can expose user-supplied query parameters to a third-party service without any privacy, trust, or transport-security warning. Because it uses plain HTTP instead of HTTPS, requests and responses may also be observed or modified in transit, increasing the risk of data leakage or tampering.

VirusTotal

57/57 vendors flagged this skill as clean.
