Marketing Tool

Security checks across malware telemetry and agentic risk

Overview

This is a coherent marketing API skill, but it gives agents paid access to create marketing records and retrieve conversation logs without explaining approval, account scoping, privacy, or spending safeguards.

Review before installing. Only use this with a provider you trust, explicit wallet/payment controls, clear campaign and spend limits, and confirmation of how prospect data and conversation logs are scoped, protected, retained, and deleted.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill advertises fully programmatic creation of prospects, campaign launches, outreach tracking, and access to agent conversation logs without clearly warning users about privacy, consent, compliance, and misuse risks. In a marketing automation context, these capabilities can enable unsolicited outreach, processing of personal data, and exposure of sensitive conversation history if an agent uses the API without appropriate safeguards.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal