Nm Pensive Api Review

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only API review workflow whose repository inspection steps fit its stated purpose, with some broad triggers and local command guidance users should review.

Reasonable to install for structured API review work. Review generated commands before execution, avoid including secrets in evidence logs or command output, and treat the metadata credential tags as not supported by the reviewed markdown unless a separate integration clearly explains why credentials are needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The manifest trigger list includes broad terms like "api," "design," "consistency," and "documentation," which are common words likely to appear in many unrelated conversations. This can cause the skill to activate outside its intended scope, increasing the chance that it influences unrelated tasks or pulls the agent into unnecessary workflow steps.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal