hiagent智能体对话

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward hiagent chat connector that shares prompts and conversation history with the configured hiagent service, with no hidden execution found.

Install only if you trust the configured hiagent endpoint and how it handles data. Treat prompts, user identifiers, conversation IDs, and retrieved chat history as shared with hiagent, avoid sensitive content unless approved, and use the least-privileged API key available.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly documents sending a user identifier, conversation identifiers, and user queries to an external hiagent service using an API key, but it provides no warning about data transmission, retention, or safe handling of credentials. In a chat skill, this increases the risk of unintentional disclosure of sensitive conversation content and misuse of secrets by operators or downstream users.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal