Web Distiller
Security checks across malware telemetry and agentic risk
Overview
This skill is a coherent integration for sending selected webpage URLs to Distiller to get cleaned Markdown, with its API key and external service use disclosed.
Install this only if you trust the Distiller service and the web-distiller Python package. Use a dedicated API key when possible, keep it out of shared logs and prompts, confirm DISTILLER_API_BASE points to the intended HTTPS endpoint, and avoid submitting private or sensitive URLs unless you are comfortable with that provider processing them.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.