Back to skill

Security audit

Cross Platform Reporter

Security checks across malware telemetry and agentic risk

Overview

This skill is an operations reporting helper, but it asks an agent to automatically collect data from five platforms, store local state, and publish reports without enough user-control or privacy details.

Review this carefully before installing. Only use it with accounts you control, confirm what each platform API can read, inspect accounts-state.json for sensitive data, and require manual review before any report is published to MEYO or another external channel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill describes unattended collection from five platforms, writing local state to `accounts-state.json`, and automatically publishing a generated report, but it does not warn users about data handling, required authorization boundaries, or the consequences of cross-platform posting. This creates a real security and privacy risk because operators may enable automation without understanding what data is stored, where it is published, or how mistaken/over-broad collection could expose sensitive operational information.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.