security-test-suite

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate web monitoring skill, but it needs review because its metadata, missing scripts, and default API methods create real ambiguity and control risk.

Review before installing. Confirm whether the package is meant to be a health-monitoring tool or a security-testing tool, verify the missing Python scripts before running anything, use only authorized targets, avoid production session cookies, and restrict API verification to read-only methods unless testing in a controlled environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This markdown file documents options such as session cookies, authentication tokens, and extra HTTP headers for network-based checks, which can send sensitive data to external systems. There is no accompanying warning about handling credentials carefully, ensuring authorization, or understanding that supplied secrets will be transmitted to the target service.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
--target       Host or URL (required)
--output       Output JSON file (required)
--ports        Comma-separated port list (default: 80,443,8080,8443)
--no-checks    Skip connectivity checks
```

### ssl_monitor.py
Confidence
75% confidence
Finding
--no-check

VirusTotal

64/64 vendors flagged this skill as clean.
