Myip

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple IP lookup helper whose network access is expected for its purpose, with a minor privacy notice gap.

Install only if you are comfortable having public IP lookup services such as ifconfig.me or api.ipify.org receive a request from your network. In sensitive environments, use an organization-approved endpoint instead.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs the user to query third-party IP echo services without explicitly warning that doing so discloses the machine's public IP and metadata to an external service. In this context, the behavior is expected for determining a public IP, but the lack of notice can still create an avoidable privacy and transparency risk, especially in enterprise or sensitive environments.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal