Api Gateway 1.0.71

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate API gateway, but it exposes broad live access to many connected services without enough built-in safety guidance for writes, deletes, sending messages, or sensitive data sharing.

Install only if you intentionally want a raw gateway to many connected services. Use least-privilege Maton connections, specify the exact connection ID, and require explicit confirmation before any send, write, delete, billing, admin, permission-sharing, webhook, or cross-user data access action. Treat requests through this skill as real actions on live third-party accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (86)

Vague Triggers

Medium (81% confidence)
Finding
The skill explicitly says to use it whenever users want to interact with external services, which is very broad for a capability that can reach 100+ third-party APIs and perform both read and write operations. In an agent setting, this raises the chance of unintended invocation and accidental external actions without a stronger requirement for explicit user confirmation and service-specific scoping at the skill layer.

Missing User Warnings

Medium (90% confidence)
Finding
The documentation presents direct examples for posting messages, creating contacts, querying and deleting/managing connections, but does not prominently warn that the gateway supports destructive and data-modifying actions across many external services. In practice, this can lead an agent or operator to treat the skill as routine transport rather than a high-impact action surface capable of sending messages, creating records, or deleting integrations.

Missing User Warnings

Medium (90% confidence)
Finding
The README documents state-changing operations such as creating contacts/accounts, updating contacts, and adding contacts to sequences without clearly warning that these actions modify live third-party CRM/outreach data and may trigger downstream sales or email automation. In an agent skill context, this omission increases the risk of unintended writes or outreach being performed based on ambiguous user prompts or autonomous agent behavior.

Missing User Warnings

Medium (88% confidence)
Finding
The README encourages person enrichment using email addresses or LinkedIn URLs and notes that authentication is automatic, but does not warn that these personal identifiers are transmitted to an external third-party service. In this skill context, agents may send sensitive or regulated personal data to Apollo without sufficient user awareness, creating privacy, compliance, and data-handling risks.

Missing User Warnings

Medium (89% confidence)
Finding
The documentation exposes state-changing and destructive Basecamp operations such as project creation, todo completion, and trashing recordings without any warning, confirmation guidance, or safe-use notes. In an agent skill that helps users interact with third-party services, this increases the chance an agent or integrator will invoke write actions without clearly signaling that user data may be modified or deleted.

Missing User Warnings

Medium (86% confidence)
Finding
The document exposes numerous state-changing and destructive operations such as create, update, archive, cancel, and delete actions without any warning, confirmation guidance, or notes about irreversible effects. In an agent skill context, this can normalize unsafe use and increase the chance that an LLM or user triggers impactful actions on authorized third-party resources without sufficient caution.

Missing User Warnings

Medium (90% confidence)
Finding
The README documents high-impact actions such as sending messages and deleting templates, lists, contacts, and email addresses without any warning that these operations can incur charges, alter user data, or cause irreversible loss. In an agent/tooling context, this omission increases the chance that an LLM or operator invokes destructive or billable endpoints without explicit user confirmation.

Missing User Warnings

Medium (90% confidence)
Finding
The documentation exposes a destructive delete-project operation without any warning about irreversible consequences, required authorization checks, or a recommendation to obtain explicit user confirmation before execution. In an agent skill that brokers real third-party API actions, this can lead to accidental or prompt-induced deletion of user resources.

Missing User Warnings

Medium (92% confidence)
Finding
The README documents time-entry deletion as a normal operation but does not warn that deleting time records can permanently remove user work-history and billing data. In a connected API gateway context, an agent could be induced to delete entries without sufficient friction or confirmation.

Missing User Warnings

Medium (89% confidence)
Finding
The README explicitly instructs use of the Dropbox-API-Select-User header to access files on behalf of another team member, but provides no privacy, authorization, or consent warning. In an agent skill context that connects to external services, this omission is more dangerous because it can normalize cross-user file access and lead an agent or operator to retrieve another employee's data without sufficient verification of administrative authority, user intent, or data-minimization safeguards.

Missing User Warnings

Medium (91% confidence)
Finding
The README explicitly says authentication is automatic because the gateway injects the API key, but it does not warn that user-provided queries, URLs, and extracted page contents are transmitted to Exa, an external third-party service. In an agent setting, this omission can lead developers or users to send sensitive prompts, internal URLs, or proprietary content off-platform without informed consent, creating a real data-handling and privacy risk even if the API key itself does not grant broader access.

Missing User Warnings

Medium (91% confidence)
Finding
The async callback examples show `destination_url` usage for transcript and summary delivery without any warning that potentially sensitive meeting content may be transmitted to an arbitrary external endpoint. In an agent skill that connects to real third-party SaaS data, this can normalize exfiltration of private meeting data and increase the chance that users or downstream agents send sensitive content to untrusted URLs.

Missing User Warnings

Medium (95% confidence)
Finding
The webhook creation example enables delivery of transcript, summary, and action items to an external `destination_url` with no privacy, consent, or data-sharing warning. Because this skill is specifically for cross-service API access via managed OAuth, the omission is more dangerous: it may lead operators or agents to forward highly sensitive meeting-derived content outside the source platform without sufficient scrutiny.

Missing User Warnings

Medium (91% confidence)
Finding
The README documents privacy-impacting data access and destructive actions such as listing users, retrieving transcripts and contacts, uploading audio, and deleting transcripts, but provides no guidance to require explicit user confirmation or to warn about sensitive content exposure. In an API-gateway skill that connects to real third-party services via OAuth, this omission can lead downstream agents or integrators to invoke high-risk operations without appropriate consent checks, increasing the chance of unauthorized data disclosure or destructive actions.

Missing User Warnings

Medium (90% confidence)
Finding
The documentation includes state-changing GitHub operations such as creating issues, creating pull requests, and merging pull requests, but it does not warn that these actions modify remote repositories or should require explicit user confirmation before execution. In an agent skill that proxies authenticated GitHub access, this omission can lead to unintended destructive or workflow-altering actions if an agent treats the examples as routine operations.

Missing User Warnings

Medium (92% confidence)
Finding
The README explicitly documents state-changing Google Ads mutate operations such as creating campaigns and enabling campaign status, but does not warn that these requests modify live advertising accounts and may spend money or alter production settings. In an agent skill context, examples in reference docs are often operationalized by downstream agents, so omission of safety guidance increases the chance of unintended destructive or costly actions against authorized customer accounts.

Missing User Warnings

Medium (88% confidence)
Finding
The README documents authenticated create and update operations for Google Analytics Admin resources without clearly warning that these calls change live account and property configuration. In an agent skill context, this increases the risk that an LLM or user invokes state-changing endpoints unintentionally, causing unauthorized or accidental administrative changes to analytics properties, data streams, or tracking configuration.

Missing User Warnings

Medium (92% confidence)
Finding
Stating that authentication is injected automatically without clarifying that requests run with the user's existing Google Analytics admin privileges obscures the security boundary. This can mislead operators or downstream agents into treating the skill as low-risk, when it can actually perform privileged administrative actions against any connected accounts the user authorized.

Missing User Warnings

Medium (90% confidence)
Finding
The README explicitly documents create, update, patch, quick-add, and delete calendar operations but does not warn that these actions modify or remove user data. In an agent skill, omission of data-impact warnings increases the chance an LLM or operator will invoke destructive actions without explicit user confirmation, leading to unintended calendar changes.

Missing User Warnings

Medium (87% confidence)
Finding
Stating that authentication is automatic and the router injects the OAuth token, without an accompanying authorization/privacy warning, can normalize silent access to connected Google Calendar data. In this context, that can cause agents or users to underestimate that requests operate with the user's delegated permissions and may expose or alter sensitive calendar information.

Missing User Warnings

Medium (85% confidence)
Finding
The README exposes destructive and privacy-impacting operations such as deleting courses, listing students/teachers, viewing submissions, and creating announcements, but provides no caution about authorization, user confirmation, or sensitivity of education records. In an agent skill context, documentation often shapes tool usage behavior, so omitting safety guidance increases the chance an agent or integrator will invoke high-impact actions without adequate user consent or review.

Missing User Warnings

Medium (91% confidence)
Finding
The README explicitly documents destructive and privacy-impacting operations such as deleting files, downloading content, exporting documents, uploading data, and changing permissions, but it provides no user-safety guidance, confirmation requirements, or warnings about data loss and sharing risk. In an agent skill context, this increases the chance that downstream agents or integrators will invoke these actions without adequate consent checks or human confirmation.

Missing User Warnings

Medium (86% confidence)
Finding
The documentation explicitly exposes state-changing Gmail operations such as sending mail, sending drafts, modifying labels, and trashing messages, but it does not warn that these actions alter a user's mailbox or can trigger external side effects like outbound email delivery. In an agent setting, this omission increases the risk that an agent or developer treats these endpoints like harmless reads and invokes them without clear user confirmation, leading to unintended destructive or privacy-impacting actions.

Missing User Warnings

Medium (93% confidence)
Finding
The reference documents multiple state-changing and destructive Google Play Developer API operations such as deleting products, canceling subscriptions, replying to reviews, and committing or deleting edits without any cautionary language, confirmation guidance, or recommendation for user validation. In an agent skill that connects to external services with managed OAuth, this increases the chance that an LLM-driven workflow could invoke high-impact actions on a live production app based on ambiguous or manipulated user input.

Missing User Warnings

Medium (91% confidence)
Finding
Stating that authentication is automatic and the router injects the OAuth token, without emphasizing authorization boundaries, can normalize silent credential use and obscure the sensitivity of delegated third-party access. In an agent skill that connects to external services, this increases the risk of unintended data access or action execution if callers or downstream components assume requests are inherently safe once routed.

VirusTotal

67/67 vendors flagged this skill as clean.