Back to skill

Security audit

LiteLLM

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward LiteLLM helper for user-directed calls to external LLM providers or a proxy, with no evidence of hidden or destructive behavior.

Install only if you are comfortable with prompts, system messages, and related request/response data being sent to the selected LLM provider or LiteLLM proxy. Avoid sending secrets, regulated data, or confidential code unless the provider or proxy is approved for that data, protect API keys, monitor usage costs, and consider pinning the LiteLLM dependency in controlled environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill demonstrates access to environment-sourced secrets via API key setup and external model/provider usage, but no corresponding permissions are declared. This creates a transparency and governance gap: users or orchestrators may not realize the skill depends on environment credentials and can cause outbound requests using them.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The description encourages use of third-party LLM providers and proxy routing but omits any warning that prompts, context, and model outputs may be transmitted off-platform. This can lead users to send sensitive data to external processors without informed consent or appropriate handling controls.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The proxy example includes an external endpoint and API key usage but provides no warning about secret handling, trust boundaries, or network transmission. Users may copy the pattern directly, exposing credentials to logs/misconfiguration or routing sensitive prompts through an untrusted proxy.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This script sends the provided prompt and optional system message to an external LLM endpoint via LiteLLM, but it gives no warning that input may leave the local environment and be processed by a third-party provider or proxy. In a skill context, users may pass sensitive source code, secrets, or internal data, so the lack of disclosure and guardrails creates a real confidentiality risk even though the network transmission is the intended function.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.