Dataify Reddit Comment By Url

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Dataify integration for submitting Reddit comment collection tasks, with manageable caution around automatic invocation and API token handling.

Install only if you intend to use Dataify for Reddit comment collection. Review the parameters before approving a task, avoid pasting long-lived API tokens into chat when possible, and prefer using DATAIFY_API_TOKEN in your environment for authentication.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The manifest sets `allow_implicit_invocation: true`, which allows the skill to be auto-selected without an explicit user request. In a skill that triggers external data-collection actions and can handle API-token configuration or task submission, broad implicit activation increases the chance of unintended invocation, over-collection, or execution on ambiguous prompts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal