Security audit

ensp

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation-only eNSP topology generator that creates local .topo files and does not request secrets, network access, code execution, or persistence.

Install this only if you want the agent to create eNSP .topo files in your workspace. Use it in the intended project directory and review the generated topology before opening it in eNSP; the skill does not need credential, network, or broad filesystem access beyond writing the requested output file.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly directs the agent to write a generated .topo file to the current directory without requiring explicit user confirmation or warning about filesystem modification. In agent environments with write capabilities, this can cause unintended local file creation, overwrite risk, and surprise side effects from a prompt that may appear purely generative.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal