AgentAPI
Security checks across malware telemetry and agentic risk
Overview
This skill is a documentation-only helper for browsing an API directory, with optional paid API information clearly disclosed.
This appears reasonable to install if you want an AgentAPI directory reference. Treat the x402 section as financial guidance: do not let an agent make paid API calls unless you explicitly configure wallet access, require approval for each payment or strict limits, and verify the recipient address.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.
