Headless OAuth

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for completing OAuth logins on headless servers, with sensitive code handling that is disclosed and necessary for its purpose.

Install this only if you trust the agent session and server where the OAuth flow runs. Prefer device-flow login when available, treat redirect URLs and codes like secrets, relay them only to the expected localhost callback, and avoid placing tokens or keyring passwords in shell history, persistent environment variables, or startup files.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

64/64 vendors flagged this skill as clean.
