NEXUS Log Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed paid log-analysis skill that sends user-provided log text to a hosted NEXUS API, with privacy and cost cautions to consider.

Install only if you trust NEXUS to process the log content and payment proof you provide. Use sandbox mode for testing, review costs before enabling paid requests, and redact tokens, credentials, personal data, internal hostnames, and sensitive stack traces before sending logs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The README states the skill is 'automatically invoked' when a matching task is detected, but provides no trigger boundaries, consent model, or examples of what data may be sent. In a log-analysis skill, this ambiguity is risky because agents may forward sensitive application logs to a remote endpoint without clear user awareness or scoping.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The usage section describes sending input to a hosted API but does not warn that logs may contain secrets, credentials, personal data, internal hostnames, or other sensitive operational details. Because this skill specifically processes application logs, omission of a transmission warning materially increases the chance of unintentional exfiltration to a third-party service.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal