Pans Tech Profile

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward company research helper that fetches public web pages and can optionally save the resulting profile to a file.

Install only if you are comfortable with the tool making outbound web requests for the company or domain you provide. Do not use internal hostnames, private IPs, or confidential prospect lists unless that exposure is acceptable in your environment, and treat any --output files as business research data that may need cleanup or access controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill automatically gathers information from external sources such as company websites and GitHub, but the description does not clearly warn users that their target company queries will be transmitted over the network. This can expose sensitive research targets, customer prospecting lists, or internal business intent to third parties and may create privacy, compliance, or operational security risks.

Missing User Warnings

Low

Confidence: 83% confidence
Finding: The skill supports writing output to a file but does not clearly warn users that collected company intelligence may be persisted to disk. Even if the data is public, local persistence can create confidentiality, retention, and accidental exposure issues on shared systems or managed endpoints.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal