Kaggle

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Kaggle API helper that clearly relies on Maton-managed credentials and network access.

Install only if you trust Maton to broker Kaggle requests. Protect MATON_API_KEY, connect only the Kaggle account you intend to use, and verify the connection id before using the delete example because it can remove access for later Kaggle operations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 76% confidence
Finding: The documentation includes a destructive DELETE example for removing a connection without any warning, confirmation guidance, or explanation of consequences. In an agent setting, this increases the risk of accidental credential disconnection or service disruption if a model or user follows the example without understanding that it is destructive.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal