ASO Suite

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward ASO Suite CLI helper; it includes account-changing commands, but they are visible and aligned with the stated ASO purpose.

Install this only if you trust the `asosuite` npm package and the ASO Suite service. Before running commands that remove, untrack, unplan, or delete data, verify the app ID, planned app ID, keyword list, related app ID, or event ID because those commands can change your ASO Suite account state.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill documents multiple state-changing and potentially destructive commands such as untracking apps, removing related apps, deleting events, and removing tracked keywords without any caution, confirmation guidance, or scoping advice. In an agent setting, this increases the chance that a model or user invokes irreversible or account-modifying actions on the wrong app or dataset, especially because several commands accept broad identifiers and operate directly against a live ASO account.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal