Model Router

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed multi-model routing prototype with privacy caveats, but the provided code does not actually transmit data or show hidden behavior.

Install only if you want a prototype for comparing or merging model outputs. Do not use it with secrets, private code, customer data, or regulated information unless you review any real provider integrations and add explicit provider allowlists, consent, and redaction controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The skill explicitly routes a user's task to multiple third-party LLMs and then forwards their outputs to a merge model, but the description does not warn users that their prompts and intermediate model responses may be disclosed to several external providers. This creates a real confidentiality and compliance risk because sensitive data may be replicated across multiple vendors, jurisdictions, retention policies, and training pipelines without informed consent.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The router is explicitly designed to send a user task to multiple external LLMs and then send the aggregated outputs again to a merge model, multiplying data disclosure across providers. There is no consent gate, sensitivity filtering, provider allowlist enforcement, or disclosure mechanism, so users may unknowingly transmit confidential or regulated data to several third parties.

VirusTotal

66/66 vendors flagged this skill as clean.