Agent Network Scanner

Security checks across malware telemetry and agentic risk

Overview

This skill is a plausible network-discovery helper, but it is too broadly scoped and lacks clear authorization boundaries for outbound scanning.

Install only if you are comfortable with the agent making outbound network requests. Use it only for domains and services you own or are explicitly authorized to assess, avoid broad internet scans, validate target domains before running the shell examples, and prefer a small allowlist of approved targets.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill is framed as 'find every agent network on the internet' and 'scan domains for discovery signals' without clear scope, authorization, or user-consent boundaries. In an agentic environment, this can encourage indiscriminate external reconnaissance and cause the assistant to contact arbitrary third-party infrastructure beyond the user's intended target set.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill includes multiple curl and dig commands that actively contact external domains and APIs, including batch scanning and bounty enumeration, but provides no warning that using the skill generates outbound traffic to third-party services. This is dangerous because agents may execute or adapt these commands automatically, creating unintended reconnaissance, privacy leakage, or policy violations against external systems.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal