KlausNomi

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Nomi AI chat integration that uses a Nomi API key and sends chat content to Nomi as expected.

Install only if you are comfortable using a Nomi API key with this skill and sending selected conversation text, room notes, and prompts to Nomi. Do not include secrets or regulated/confidential data unless you intend to share it with that service, and confirm room updates or deletions before running them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to send user-authored messages and contextual notes to the Nomi service, including long room notes and conversation transcripts, but it does not warn that this content leaves the local environment. Users may disclose sensitive personal, business, or regulated data without realizing it is being transmitted to a third-party API.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal