InspirAI API Spec

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed API documentation helper, but its update command can automatically publish generated docs to a Git repository.

Install only if you trust the configured API-spec repository and are comfortable with the skill syncing and publishing generated API documentation. Before running update, review the target repo, branch, generated diff, and whether any internal endpoints or sensitive fields should be excluded.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

High

Confidence: 96% confidence
Finding: The skill specifies automatically running 'git add', 'git commit', and 'git push origin main' as part of the update flow without an explicit confirmation gate immediately before the remote push. This can cause unintended publication of generated documentation, internal API details, or sensitive endpoint metadata to a shared remote repository, especially if parsing is inaccurate or includes confidential information.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal