Expanso log-sanitize
Security checks across malware telemetry and agentic risk
Overview
This skill mainly performs local log redaction, but its HTTP mode exposes an unauthenticated endpoint on all network interfaces while handling sensitive logs.
CLI mode is the safest fit for local-only sanitization. If you use MCP mode, bind it to localhost or protect it with firewall/authentication before sending real logs. Avoid the cloud deploy command unless you have verified the remote pipeline content and are comfortable with where logs will be processed.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.