Api Security Scanner

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a markdown-only API security review checklist that matches its stated purpose, but users should redact sensitive API details before using it.

Use sanitized examples where possible. Do not paste production bearer tokens, API keys, private keys, customer data, internal-only hostnames, or unredacted vulnerability reports unless you have approval and understand how the skill platform handles submitted text.

SkillSpector (1)

By NVIDIA

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README invites users to submit API endpoints, gateway configurations, and vulnerability findings for analysis, but it does not warn that such inputs may contain sensitive internal URLs, secrets, authentication details, or security-relevant metadata. This can lead users to disclose confidential infrastructure and security information to the skill or upstream services without informed consent, increasing privacy and operational security risk.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal