gotrain
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward MTA train-times skill that installs and runs a disclosed npm CLI, with no evidence of hidden access, credential use, exfiltration, or unsafe automation.
Install only if you are comfortable trusting the external npm package that provides the gotrain command. The skill appears limited to transit lookups and saved station favorites, and it does not ask for account credentials or broad local access.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.