Smart Fetch
Security checks across malware telemetry and agentic risk
Overview
Smart Fetch is a disclosed web-fetching utility with ordinary scraper and dependency risks, not evidence of hidden or harmful behavior.
Install only if you are comfortable letting the agent fetch URLs you provide. In private networks, configure the domain allowlist or blocklist, keep caching disabled unless needed, and prefer deterministic installs from the lockfile with dependency updates reviewed before use.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.