Skill
Security checks across malware telemetry and agentic risk
Overview
This skill is a straightforward Zhipu CogView image-generation helper that discloses its API key requirement and external API call.
Install only if you are comfortable sending image prompts to Zhipu AI and using a Zhipu API key in this runtime. Avoid shared systems where environment variables or curl command arguments may be visible, and rotate the key if you suspect exposure.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
