Security audit

Flowtriq - anti-DDoS attack integration

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Flowtriq monitoring skill, but it mixes sensitive infrastructure access with write/provisioning actions that are not tightly scoped.

Install only if you want your agent to access Flowtriq operational data for the configured node. Use a least-privileged key, avoid sharing outputs in public or shared contexts, and require explicit confirmation before any POST action such as incident creation/update, PCAP upload, or node registration with a deploy token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The skill is presented as a monitoring tool for an existing Flowtriq node, but it also documents a deployment flow that creates new node credentials. That expands the skill from read/monitor operations into provisioning of new infrastructure access, which can surprise users and enable unauthorized credential creation if the skill is auto-invoked in the wrong context.

Vague Triggers

Medium
Confidence: 81%
Finding
The trigger phrases are broad enough to match common monitoring questions, increasing the chance the skill activates when the user did not specifically intend Flowtriq access. Because this skill uses authenticated API credentials tied to infrastructure telemetry, overbroad triggering can cause unintended access to sensitive operational data or execution of higher-risk flows in the wrong conversation.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill describes authenticated access to node configuration, incidents, IOC patterns, and thresholds, but does not prominently warn that it exposes sensitive infrastructure and security-monitoring data. Users may not realize that invoking the skill grants access to operationally sensitive details that could aid reconnaissance or lead to unintended disclosure in shared agent environments.

VirusTotal

49/49 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.