BYOCB ArbInjectionSkill

Security checks across malware telemetry and agentic risk

Overview

This security-scanning skill has a plausible purpose, but it asks the agent to run and auto-update unpinned external code in the background and send alerts through messaging channels.

Review before installing. Pin the external repository to a specific audited commit, inspect dependencies before npm install, avoid automatic daily git pull/npm install, explicitly choose any alert channel, and use scoped or revocable API keys only if you accept that scan context may leave your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding: The skill explicitly performs automatic background blockchain monitoring and instructs the agent to notify users through connected messaging channels, but it does not warn about the privacy implications of continuous monitoring or outbound notifications. This can lead to unexpected data processing, message transmission, and user surprise about how their connected channels are used, especially in multi-user or shared environments.

Missing User Warnings

Severity: Medium
Confidence: 93%

Finding: The skill documents use of an ANTHROPIC_API_KEY for LLM-based deep analysis but does not disclose that contract data, findings, prompts, or related scan context may be transmitted to a third-party service. Users may unknowingly send potentially sensitive analysis data off-platform, creating confidentiality and compliance risks.

VirusTotal

63/63 vendors flagged this skill as clean.
