IteraTools API

Security checks across malware telemetry and agentic risk

Overview

This skill is a real multi-tool API integration, but it exposes broad paid tools that can act on external services without enough safety boundaries in the artifact.

Install only if you are comfortable letting an agent access a broad paid third-party tool suite. Use a dedicated low-balance or scoped API key if available, enable only the tools you need, require confirmation before messaging, code execution, browser automation, or account-changing actions, and avoid sending secrets or sensitive personal data to provider-side memory or external tools.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill advertises high-impact capabilities including messaging, browser automation, web scraping, code execution, and persistent storage, but does not include any safety guidance, permission boundaries, or warnings about external side effects and data exfiltration. In an agent setting, this increases the chance that a model or user will invoke powerful tools without understanding that they can send messages, access remote content, execute code, or transmit sensitive data to third-party services.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal