Epidbot

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only EpidBot API integration that is purpose-aligned, but users should treat prompts, session history, reports, and API keys as sensitive.

Install only if you trust the EpidBot service with the prompts and public-health analysis requests you send. Avoid including secrets, credentials, or unnecessary personal health information; retrieve prior sessions or reports only when intended; and avoid copying or logging WebSocket URLs that include the API key.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill clearly instructs agents to send user prompts, session identifiers, and retrieve session/message history from an external third-party API, but it does not prominently warn that this data leaves the local environment and may be stored or retained remotely. In an agent setting, this can cause unintentional disclosure of sensitive health, operational, or user data to the service without informed consent or policy review.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The WebSocket example places the API key in the query string, which is commonly captured in browser history, proxy logs, reverse-proxy access logs, monitoring tools, and referrer-like telemetry. Even over TLS, query-string credentials are more likely to leak through operational logging than header-based authentication, enabling credential compromise and unauthorized API use.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal