Security audit

Service Dependency Mapper

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-oriented service mapping guide; its main risk is that live Kubernetes/service-mesh queries can reveal internal infrastructure details.

Install only if you want an agent to inspect service dependencies. Use approved repositories and a least-privileged read-only Kubernetes context, confirm the target cluster before runtime discovery, and redact internal service names, endpoints, ports, and topology before sharing generated maps. Do not grant unrelated purchase or crypto authority based on this artifact.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly instructs the agent to inspect live Kubernetes services, service mesh configuration, and runtime traffic metadata, which can reveal sensitive internal architecture, service names, namespaces, ports, and dependency relationships. While this is aligned with the skill's stated purpose, it lacks guardrails such as user confirmation, scope limitation, least-privilege guidance, or warnings about exposing production infrastructure details, making unintended disclosure more likely.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal