Back to skill

Security audit

Combination of Many Breaches

Security checks across malware telemetry and agentic risk

Overview

This skill is a thin wrapper for searching a leaked-credential API, but it lacks clear warnings and authorization limits for highly sensitive queries and results.

Install only for authorized defensive security work, such as checking your own accounts or systems you administer. Do not submit live passwords or credentials you do not own, and treat any returned credentials as sensitive data that should be redacted, rotated, and handled according to your organization’s security policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly encourages sending emails, usernames, or passwords to a third-party leak-search API, but it does not warn users that these inputs are highly sensitive and will be transmitted off-platform. In this context, omission of that warning is dangerous because users may unknowingly disclose live credentials or personal identifiers to an external service, creating privacy, compliance, and potential credential-compromise risks.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.