Security audit

ensp

Security checks across malware telemetry and agentic risk

Overview

This skill is a focused Huawei eNSP topology file generator with no evidence of hidden execution, credential access, exfiltration, or persistence.

Install this if you want an agent to create Huawei eNSP .topo files. Expect it to write generated topology files in the current working directory, choose or check filenames to avoid overwrites, and avoid including sensitive real network details unless you are comfortable storing them in the generated file.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill’s trigger condition is overly broad: 'Always use' for requests to create, generate, or design network topology diagrams can capture generic networking or diagramming prompts that may not specifically require eNSP. This can cause unintended invocation, misroute user tasks, and lead the agent to create files or produce eNSP-specific artifacts when the user wanted a different format or tool.

Missing User Warnings

Low

Confidence: 82% confidence
Finding: The skill explicitly instructs writing a `.topo` file to the current directory without requiring prior user confirmation or warning about filesystem modification. While the action is limited to a topology file, automatic file creation can still surprise users, overwrite existing files, or violate least-astonishment expectations in environments where writes should be explicit.

VirusTotal

No VirusTotal findings

View on VirusTotal