Durable Objects

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Cloudflare Durable Objects skill whose guidance is coherent with its stated purpose, with one logging privacy caveat users should handle carefully.

Before using the production logging examples, avoid forwarding secrets, auth headers, tokens, raw request bodies, or unnecessary user identifiers. Treat Wrangler deploy and secret commands as real Cloudflare account operations and review configuration changes before applying them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The file recommends forwarding production logs to another service without warning that logs may contain secrets, identifiers, request payloads, or internal error details. In this same document, examples log request paths, methods, durations, and stringified errors, so operators may adopt log forwarding without redaction and unintentionally exfiltrate sensitive data to downstream systems.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal