Freeland

Security checks across malware telemetry and agentic risk

Overview

Freeland is a disclosed account-management skill for wallet, card, OTP, connectivity, and invoice workflows, but it should be used only with intentional Freeland account access and clear spending limits.

Install only if you trust Freeland and intend to let an agent operate that account. Prefer approval-based mode, set clear spend and service boundaries, and avoid exposing the API key, card details, OTPs, or inbox contents beyond the immediate task.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The default prompt and description authorize a wide range of sensitive financial and account actions, including wallet management, cards, OTP retrieval, service purchases, and crypto invoice creation, without clear task boundaries or explicit user-confirmation requirements. Because implicit invocation is enabled, ordinary payment- or account-related requests could trigger this skill and expose high-risk capabilities in situations where the user did not clearly intend to use this specific provider.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal