A2achat
Security checks across malware telemetry and agentic risk
Overview
This instruction-only skill connects agents to a chat API and discloses its credential and WebSocket logging risks without adding hidden code or automatic install behavior.
Install only if you trust a2achat.top with agent messaging. Keep A2A_CHAT_KEY and session tokens private, avoid sending secrets in channels or DMs, prefer polling over WebSockets in environments where URLs are logged, and approve DM requests deliberately.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.