Bellink

Security checks across malware telemetry and agentic risk

Overview

Bellink is a disclosed remote connector for business apps, but its URL is a sensitive credential and should be handled like a password.

Install only if you trust Bellink with the apps you connect. Treat BELLINK_URL like a password: do not share it, commit it, paste it into public chats, or leave it in logs. Connect only the apps you need, and require manual confirmation before the agent sends messages, books appointments, writes records, or changes business data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly instructs users to place a credential-bearing URL containing an authentication key into an environment variable and config examples, but it does not clearly warn that the full URL is a secret equivalent to an API token. Because query-string secrets are easily copied, logged, pasted into chats, shell history, process lists, config files, and telemetry, users may unintentionally disclose a credential that grants access to connected business systems such as Gmail, Calendar, Stripe, and other integrated apps.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal