Moss Platform Quick Auth

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is transparent about doing Moss quick authentication, but it can create or access accounts and return sensitive credentials with weak scoping controls.

Install only if you are authorized to use these Moss quick-auth endpoints. Confirm the exact Moss host and email before use, require explicit approval before registration, and avoid displaying or storing raw access tokens, refresh tokens, API keys, or temporary passwords unless strictly necessary.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

External Transmission

Medium

Category: Data Exfiltration
Content: ### 1) 先尝试 api-login ```bash curl -sS -X POST "https://<host>/studio-api/v1/auth/quick/api-login" \ -H 'Content-Type: application/json' \ --data '{"email":"<email>"}' ```
Confidence: 93% confidence
Finding: curl -sS -X POST "https://<host>/studio-api/v1/auth/quick/api-login" \ -H 'Content-Type: application/json' \ --data '{"email":"<email>"}' ``` ### 2) 若返回 USER_NOT_EXIST，则 api-register ```bash cur

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal