Brand Namer

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it generates brand names, checks domains, and stores a local shortlist, with privacy caveats around DNS lookups and local history.

Safe to install for normal brainstorming. Avoid using the domain check or saved shortlist for highly confidential unreleased names unless you are comfortable with DNS lookups leaving your machine and local records remaining under ~/.brand-namer.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The `check` command sends the user-supplied brand name to external DNS infrastructure via `dig`, which leaks potentially sensitive startup or product ideas to upstream resolvers and network observers. Although the script includes a brief note about availability accuracy, it does not clearly warn users before performing network lookups or obtain consent, so private naming research may be exposed unintentionally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal