Straker Verify

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Straker translation skill that uses an API key to send user-selected text or files to Straker for translation or review.

Install only if you trust Straker with the content you ask the assistant to translate or review. Keep the API key private, confirm project submissions before sending files, and avoid uploading secrets, regulated data, customer data, or confidential documents unless your organization permits use of Straker and any human-review workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The README tells users to configure an API key for a third-party translation service but does not disclose that user-supplied text will be transmitted to an external provider. In a translation skill, that omission matters because users may paste sensitive documents, credentials, customer data, or internal content without understanding the privacy and data-handling implications.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill handles user text, documents, and project data through an external API, but the user-facing description and quick-start flow do not prominently warn that submitted content is sent off-platform to Straker.ai. This can lead to unintended disclosure of sensitive data if users assume processing is local or within the hosting assistant only.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal