network hot topics

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill gathers public trending topics using web search or public APIs and does not request local data, credentials, persistence, or privileged actions.

Install only if you are comfortable with the agent contacting search providers or public hot-topic APIs to answer live trend requests. Avoid asking it to process sensitive private information alongside those searches.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The README explicitly states the skill fetches live hot-topic data from external platforms and web search, but it does not disclose that using the skill will trigger outbound network requests and may send user queries or context to third-party services. This is primarily a transparency and privacy issue rather than an exploit primitive, but in an agent setting it can still surprise users and cause unintended data exposure to external providers.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal