Time Convert

Security checks across malware telemetry and agentic risk

Overview

This is a simple time-conversion skill that sends date and timezone queries to a disclosed external API and does not install or run code.

Install only if you are comfortable sending timezones, dates, times, and epoch values to time.agentutil.net. Avoid using it for confidential schedule details unless you trust that service, and review the optional paid x402/USDC tier before enabling any paid requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The skill documentation directs the agent to send request data to an external service, but it does not clearly warn that user-supplied dates, times, and timezone-related inputs will leave the local environment. While the transmitted data appears low sensitivity in this context, the absence of an explicit disclosure can lead to unintended off-system data sharing.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal