LinkSwarm API

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for LinkSwarm, but it should be reviewed because it lets an agent spend credits, request public backlinks, contribute site pages, and configure webhooks without clear approval limits.

Install only if you want an agent to manage LinkSwarm backlink activity for approved domains. Require explicit approval before site registration, backlink requests, link-slot contributions, or webhook setup; store the API key in a trusted credential store; limit use to owned domains and approved pages; and consider SEO, reputation, credit-spending, and webhook security implications.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill encourages registering arbitrary webhooks but does not warn that event payloads will be transmitted to an external endpoint and may include operational metadata about sites, links, or account activity. In an agent context, this can cause unintended data exfiltration or SSRF-like abuse if untrusted users can influence the webhook URL.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal