Security audit
Ftp Client
Security checks across malware telemetry and agentic risk
Overview
This skill is a real FTP/FTPS client, but it gives an agent powerful remote file access while using weak transport defaults and little protection around destructive actions.
Install only if you trust the publisher and need agent-accessible FTP operations. Use a least-privilege FTP account limited to the needed directory, prefer FTPS with certificate validation fixed or verified externally, avoid production-wide credentials, and double-check paths before upload, move, or delete commands.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.