This skill informs the agent how to use Viam CLI
Security checks across malware telemetry and agentic risk
Overview
This appears to be a legitimate Viam CLI helper, but it gives an agent broad control over Viam machines, deployments, data, and credentials without requiring explicit approval for every high-impact action.
Install only if you want an agent to administer Viam resources. Use a least-privilege Viam account, authenticate outside chat, verify the active profile with `viam whoami`, and require explicit approval for remote shell or file copy, module deploys, registry uploads, data exports or deletes, pipeline changes, API-key creation, and database-user changes.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
56/56 vendors flagged this skill as clean.