Cocktail Boy
Security checks across malware telemetry and agentic risk
Overview
This is a local cocktail recipe lookup skill with a packaging mismatch but no evidence of hidden access, network use, persistence, or destructive behavior.
This appears appropriate to install for local cocktail recipe lookup. Before relying on it, check the configured entrypoint because the manifest points to a missing script name, so commands may need a packaging fix to run correctly.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.