Confluence CLI (confcli)

Security checks across malware telemetry and agentic risk

Overview

This Confluence helper is coherent, but it asks users or agents to run an unpinned remote installer for a tool that can change or delete workspace content.

Review before installing. Prefer installing `confcli` from a pinned release, Cargo, or a downloaded installer you inspect first, and use a Confluence token limited to the spaces and permissions you actually need. Avoid broad write/delete permissions unless those workflows are required.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

External Script Fetching

Low

Category: Supply Chain
Content: If not installed, install via: ```bash curl -fsSL https://raw.githubusercontent.com/hochej/confcli/main/install.sh | sh ``` To install a specific version or to a custom directory:
Confidence: 98% confidence
Finding: curl -fsSL https://raw.githubusercontent.com/hochej/confcli/main/install.sh | sh

Chaining Abuse

High

Category: Tool Misuse
Content: If not installed, install via: ```bash curl -fsSL https://raw.githubusercontent.com/hochej/confcli/main/install.sh | sh ``` To install a specific version or to a custom directory:
Confidence: 99% confidence
Finding: | sh

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal