FastAPI Flask Proxy

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only FastAPI and Flask deployment guide; its examples need production review but the skill itself does not execute code or hide behavior.

Safe to install as documentation. Before using the snippets in a real app, restrict exposed network bindings as needed, preserve auth/cookie/header behavior in the proxy, and treat deletion examples as destructive production code that needs access control and recovery planning.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Low

Confidence: 84% confidence
Finding: The skill exposes a specific internal-looking project path and host reference unrelated to the deployment guidance. Publishing environment-specific repository or infrastructure paths can leak internal topology, usernames, or sensitive organizational details that aid reconnaissance.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The markdown includes concrete DELETE operations and record removal logic without warning about irreversibility, authorization, or recovery considerations. In a copy-paste friendly skill, this can lead users to deploy destructive endpoints that allow permanent data loss or accidental mass deletion.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal