Geo Mass Publish Check

Security checks across malware telemetry and agentic risk

Overview

This skill checks GEO publishing readiness using a user-provided API key and does not publish content or modify remote data.

Install only if you intend to connect the agent to the GEO SaaS. Store the GEO key with restrictive local permissions, rotate it if the machine is shared or compromised, and remember that the skill sends the key only to the configured GEO service endpoints for verification and status checks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs the agent to collect a user-provided GEO API key and write it directly to a predictable plaintext file in the user's home directory without any warning, consent check, or permission hardening. This creates credential exposure risk through local compromise, backups, shell history/workflow leakage, or unintended reuse by other tools that can read that path.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal