test
Security checks across malware telemetry and agentic risk
Overview
This skill transparently adds WhatsApp messaging and history search through an external CLI, with sensitive but disclosed capabilities the user must invoke deliberately.
Install this only if you want the agent to use your WhatsApp account for third-party messaging or chat-history search. Confirm every recipient, message, and file attachment before sending, and treat ~/.wacli as sensitive because synced WhatsApp history may be stored there.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.