Nosi (Publish contents from AI agents)

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill does what it claims: publishes user-provided content to nosi.pub using a Nosi API key, with public permanence disclosed.

Install only if you want an agent to publish selected content to nosi.pub. Treat anything submitted as public and permanent, avoid confidential or personal material, and provide only a Nosi API key intended for this service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger examples include generic sharing/publishing requests such as 'Get a shareable link for this,' which can match ordinary user intents without making it clear that the content will be sent to a third-party public publishing service. That increases the chance the skill is invoked in situations where the user did not explicitly consent to public disclosure, potentially exposing sensitive text or files.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill description says it will 'publish content to Nosi and get a shareable URL' but does not clearly warn that Nosi publishes content to the open web permanently. In this context, the omission is dangerous because users may provide private text, markdown, or files expecting limited sharing, when the workflow actually posts them publicly to nosi.pub.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal