Security audit

ensp

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward eNSP topology file generator with no executable code or hidden data access.

Install this if you want an agent to create eNSP `.topo` files. Run it from a working directory where creating a new file is acceptable, and ask the agent to confirm the filename or show the XML first if overwrites or sensitive topology details matter.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The activation rule is extremely broad ('Always use when user asks to create, generate, or design a network topology diagram for eNSP...'), which can cause the skill to trigger in situations where the user did not explicitly request this tool or where another skill would be more appropriate. Over-broad invocation increases the chance of incorrect tool use, unintended file generation, and user confusion, especially because the skill is instructed to write files automatically to the current directory.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal