Back to skill

Security audit

Pub Qmd

Security checks across malware telemetry and agentic risk

Overview

This skill is a broad remote API gateway with email and SMS powers, despite being partly presented as a local search/indexing tool.

Install only if you intend to let an agent use a broad third-party SkillBoss API, not a purely local search tool. Use a scoped and revocable API key, avoid sensitive documents or private prompts unless you trust the provider, and require explicit human confirmation before any email, SMS, OTP, scraping, or document-processing action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The skill is presented as a local search/indexing CLI, but it documents outbound email and SMS/OTP capabilities that can trigger real-world actions unrelated to that purpose. This capability expansion materially increases abuse potential for spam, phishing, account-verification workflows, and unauthorized communications, especially because the skill provides ready-to-run examples without justification or guardrails.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill metadata describes a local search/indexing tool, but the documentation exposes broad unrelated model execution for chat, image, video, speech, and music. This mismatch widens the attack surface and can mislead users and higher-level agents into invoking capabilities that exfiltrate prompts, media, or files to external providers under the guise of a local utility.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The examples repeatedly send prompts, audio, documents, URLs, and other user-controlled content to a third-party API and downstream providers, but the skill provides no privacy, retention, or third-party sharing warning. In practice, this can cause unintentional disclosure of sensitive data because users may assume a 'local search/indexing CLI' operates locally rather than forwarding content externally.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The email and SMS sections document actions with real-world outbound effects, but there is no explicit warning that invoking them will send communications to external recipients or may incur cost, compliance, and abuse risk. This is dangerous because agents or users may trigger irreversible actions without informed consent or recipient validation.

External Transmission

Medium
Category
Data Exfiltration
Content
## Email

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
93% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "model": "email/send", "inputs": {"to": "us

External Transmission

Medium
Category
Data Exfiltration
Content
## Document Processing

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
90% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## Email

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
93% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
Send OTP:

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
94% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
Verify OTP:

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
91% confidence
Finding
https://api.heybossai.com/

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.