Agent Chat

Security checks across malware telemetry and agentic risk

Overview

This skill is for a legitimate temporary chat room, but its install command appears to point at the wrong unpinned package and it under-explains the risk of making the room public.

Review before installing. Do not run the shown `uv run --with agent-chat` command until the package name is corrected or pinned to the intended reviewed package. If you use the skill, use a strong unique room password, avoid sharing secrets in the chat, prefer password headers over URL query parameters, and stop the server/tunnel when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly instructs users to expose a temporary chat room via a public cloudflared tunnel and to exchange messages over authenticated network endpoints, but it does not warn about the security consequences of doing so. This can lead users to share sensitive data, reuse weak passwords, or assume the service is safer/private than it is, increasing the risk of unauthorized access or data exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal