Entity Linker

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Discord link-rewriting helper, but users should understand that it can turn local workspace paths into hosted links.

Install only if you want Entity workspace references in Discord-bound messages converted into hosted links. Before enabling it in sensitive workspaces or public channels, review the upstream plugin source and confirm who can access generated hosted URLs and whether rewriting can be limited or disabled.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly rewrites outgoing message content containing local workspace paths into hosted Entity URLs, but the description does not warn users that message contents may be transformed and exposed outside the local environment. This creates a transparency and data-handling risk: users may unintentionally disclose sensitive repository structure, filenames, or internal workspace references to external recipients through clickable hosted links.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal