Back to skill

Security audit

Weights & Biases Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only Weights & Biases monitor with expected credential use and metadata-disclosure cautions, but no evidence of malicious behavior.

Install only if you are comfortable letting the agent use your W&B-authenticated environment to read and display training run data. Use explicit entity, project, and run arguments, avoid relying on default watch targets unless intended, and avoid storing secrets in W&B configs or summaries because this skill may print them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes broad natural-language phrases such as "how's training," "any failures," and "check experiments," which can match ordinary conversation and cause the skill to activate unintentionally. Because this skill can lead users toward authenticated W&B access and retrieval of remote training-run data, accidental invocation increases the chance of unnecessary data exposure or actions taken in the wrong context.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The setup section instructs the user to run `wandb login` or set `WANDB_API_KEY`, but the skill does not clearly warn that this uses authentication credentials and enables access to remote experiment data. Without an explicit notice, users may provide secrets or authorize access without understanding the scope of data exposure, especially in shared or automated environments.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script serializes and prints `run.config` and `run.summary` directly, and these fields can contain secrets, internal paths, dataset identifiers, API endpoints, or other sensitive experiment metadata. In this skill context, the purpose is to inspect training runs, so exposing these fields is functional, but doing so without redaction, allowlisting, or a warning increases the risk of accidental disclosure to logs, terminals, or downstream tools.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.