Get My Ip

Security checks across malware telemetry and agentic risk

Overview

This skill simply fetches the machine's public IP address from ifconfig.me when asked, with no persistence, credential use, or local data access.

Install this only if you are comfortable with ifconfig.me seeing your public IP address and ordinary request metadata whenever you ask the skill to perform the lookup.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill sends a request to a third-party service (`ifconfig.me`) that necessarily reveals the machine's public IP and related request metadata to that external operator, but it does not clearly warn about that disclosure or obtain explicit consent. While the behavior is consistent with the skill's purpose, the lack of an explicit privacy warning makes this a real information-disclosure issue, especially in sensitive or enterprise environments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal