Truthcheck

Security checks across malware telemetry and agentic risk

Overview

This is a coherent fact-checking skill that uses an external CLI and optional search or LLM providers, with a privacy caveat users should understand.

Before installing, verify that the external truthcheck package is the one you intend to trust. Use only the API keys you need, and avoid sending confidential claims, private URLs, or proprietary text through remote LLM or search providers unless that data handling is acceptable. For more private checks, use non-LLM mode or local Ollama.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly encourages use of external LLM providers for claim verification, which necessarily involves transmitting user-supplied claim text to third-party services, but the privacy note only discusses API key handling and does not clearly warn that user content may leave the local device. This can expose sensitive, proprietary, or personal information if users fact-check confidential text without understanding the data flow.

VirusTotal

64/64 vendors flagged this skill as clean.
