Northbase

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly scoped guide for using an existing Northbase CLI to access the user's own notes and workspace files when requested.

Install this only if you trust the separate Northbase CLI and intend the agent to access that Northbase workspace. Confirm the CLI is logged into the correct account before use, and review write or overwrite requests because changes may persist and sync across devices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Low
Confidence: 92%
Finding
The skill instructs the agent to run `northbase login` when unauthenticated, but does not warn that this may trigger an interactive browser/device-code flow or bind the agent to the user's account context. In an autonomous or semi-autonomous environment, initiating authentication without explicit user approval can cause confusing side effects, unexpected account access, or accidental continuation under the wrong identity.

VirusTotal

66/66 vendors flagged this skill as clean.
