IAMMETER
Security checks across malware telemetry and agentic risk
Overview
This skill appears to match its stated IAMMETER API purpose, with a user-directed CSV export overwrite risk that should be handled carefully.
Use this only if you trust the publisher and need IAMMETER data access. Provide a dedicated IAMMETER token, keep it out of public files, review the short JavaScript files and npm dependencies if you need higher assurance, and choose CSV output paths carefully because the CLI can overwrite the path you give it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.