Apm Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly harmful, but its advertised APM monitoring purpose does not match the included placeholder and generic data-processing scripts.

Review before installing. This looks more like a placeholder or mispackaged local CLI helper than a real APM monitor. Verify which executable would run, do not rely on it for monitoring, and avoid passing sensitive values as command arguments because the script can save them locally in a history file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill metadata and visible documentation describe an APM/monitoring tool, but the finding indicates the underlying behavior also includes broad local data processing and command history logging unrelated to that stated purpose. This mismatch is dangerous because it can cause users or downstream agents to grant trust and invoke the skill under false assumptions, increasing the chance of unintended file access, data handling, or persistence on the local system.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script’s implemented behavior is a generic local data utility that echoes arguments, reads a local log, and writes history entries, but it does not perform the APM/distributed-tracing functions claimed by the skill metadata. This mismatch is dangerous because it can mislead users into installing and trusting a capability they are not actually getting, and such deceptive repackaging is commonly used to hide low-value, placeholder, or later-swappable functionality inside a security-sensitive ecosystem.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The command examples and trigger language are broad and underspecified, which can cause accidental activation in contexts unrelated to this skill's intended purpose. In an agent environment, ambiguous invocation patterns increase the risk that routine user text or generic requests are interpreted as permission to run tool actions, potentially exposing local data or causing unintended operations.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
## Usage

Run any command: `apm-monitor <command> [args]`
---
💬 Feedback & Feature Requests: https://bytesagain.com/feedback
Powered by BytesAgain | bytesagain.com
Confidence
93% confidence
Finding
Run any command

VirusTotal

66/66 vendors flagged this skill as clean.
