Security audit
HTM
Security checks across malware telemetry and agentic risk
Overview
This skill is a transparent HTM portal helper that uses your HTM credentials to view travel data and add a product to your cart, with no evidence of hidden collection or automatic payment.
Install only if you are comfortable giving the skill your HTM login through environment variables. Use reorder carefully because it changes your HTM cart, even though it does not pay or complete checkout automatically. Be aware it depends on a hardcoded HTM frontend order API key for cart operations, so that feature may break if HTM rotates or blocks the key.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.