Snipeit Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Snipe-IT API helper, but it can modify or delete inventory and user records if given a powerful token.

Install only if you want an agent to operate against your Snipe-IT instance. Set SNIPEIT_URL to your own approved server, use a dedicated least-privilege API token, avoid exposing the token in logs or chat, and manually confirm delete, checkout/checkin, restore, backup download, user-management, and other write or sensitive actions before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation includes multiple destructive and state-changing operations such as create, update, delete, checkout, checkin, restore, and audit actions without any warning about their effects or recommendation for confirmation before execution. In an agent setting, this increases the risk of unintended modification of production asset records, inventory state, and user assignments through routine use or ambiguous prompts.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill instructs use of a bearer API token and demonstrates authenticated requests to an external service, but does not include warnings about protecting the token, avoiding accidental disclosure in logs, or limiting token scope. In an agent environment, this can lead to credential misuse or unintended transmission of sensitive asset and user data to a remote system.

VirusTotal

66/66 vendors flagged this skill as clean.
