Auto Login Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill handles sensitive logins and credentials, but the behavior is disclosed, user-directed, and limited to that purpose.

Install only if you are comfortable letting an agent assist with specific website logins. Provide credentials deliberately, avoid shared terminals or logs when using the credential helper, prefer manual OTP entry for important accounts, and keep any reusable credential files outside repositories with restrictive permissions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

High

Confidence: 97% confidence
Finding: The script writes normalized credentials, including the password, directly to stdout. In an agent skill context, stdout is often captured by orchestration layers, logs, transcripts, or debugging systems, so this can unintentionally disclose live account secrets beyond the immediate component that needs them.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal