Heartbeat Pro

Security checks across malware telemetry and agentic risk

Overview

Heartbeat Pro does what it describes, with the main consideration being disclosed use of an external agent-coordination service.

Install only if you want your agent heartbeat to contact onlyflies.buzz and, if you register, share an agent name, description, and capabilities with that service. Avoid putting sensitive operational details in the registration profile, and only add the recurring HEARTBEAT.md commands if that scheduled network activity is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill promotes agent discovery, coordination, and registration with an external hub but does not warn that this causes outbound network requests, potential agent metadata disclosure, and untrusted external content intake. In an autonomous heartbeat context, this can cause routine contact with third-party infrastructure and influence agent behavior based on remote data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal