cloudnap

Security checks across malware telemetry and agentic risk

Overview

This CloudNap skill is mostly coherent, but it can change EC2 infrastructure and delete automation schedules without a clearly required confirmation step.

Install only if you trust CloudNap and want an agent to control EC2 instances with your CloudNap API key. Use a least-privileged key where possible, verify instance and schedule details before any change, and require explicit confirmation before deleting schedules or stopping resources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Tool Parameter Abuse

High
Category: Tool Misuse
Content:
Removes a schedule.

**Request:**
DELETE /api/v1/schedules/{scheduleId}
Headers:
X-API-Key: {CLOUDNAP_API_KEY}
Confidence: 84%
Finding: DELETE /api/v1/schedules/{scheduleId}

VirusTotal

49/49 vendors flagged this skill as clean.
