企业-真实业务穿透工具

Security checks across malware telemetry and agentic risk

Overview

This skill coherently queries an external enterprise-information API to generate business-analysis reports, with no evidence of hidden persistence, credential theft, destructive behavior, or unrelated access.

Install only if you are comfortable sending company names or enterprise IDs to the disclosed external API. Avoid using the included Python helper with confidential research unless you are comfortable with its terminal output showing full request and response details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The function logs the full request payload, URL, and complete response body to stdout. Because this skill processes enterprise identifiers and may receive sensitive business or account-linked data from a remote service, these logs can leak data into terminal history, centralized logging systems, or agent telemetry without any redaction or user warning.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal