finoview-report
Security checks across malware telemetry and agentic risk
Overview
The skill appears to fetch Finoview reports as advertised, but its setup guide tells users to print an API secret, which can expose credentials.
Review before installing. Use the skill only if you trust it with Finoview API credentials, avoid running the verification snippet that prints FINOVIEW_API_SECRET, and check credentials with masked output or a presence-only check instead. Prefer temporary environment variables or a proper secret manager over storing the secret permanently in a shell profile.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
67/67 vendors flagged this skill as clean.