Websocket Tester

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward WebSocket testing guide, but its load-test example should only be used on systems the user is authorized to test.

Install this only if you want an agent to help run WebSocket tests. Run load tests only against systems you own or are explicitly authorized to test, start with lower connection counts and shorter durations, monitor the target, and use test or narrowly scoped tokens for authenticated endpoints.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill includes concrete load-testing instructions that default to 100 concurrent WebSocket connections for 60 seconds without any safety warning, scope limitation, or authorization check. In a security-testing skill, this can easily be used against production or third-party endpoints, causing service degradation, quota exhaustion, or accidental denial-of-service even if the author's intent is legitimate testing.

VirusTotal

39/39 vendors flagged this skill as clean.

View on VirusTotal