Credential Auditor

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed credential-auditing skill, but it needs Review because its instructions encourage automated password-guessing workflows without clear built-in authorization, rate-limit, or lockout safeguards.

Install only for authorized security testing. Before using it, define exact targets in writing, require manual confirmation before any login attempts, set low request rates and lockout-aware limits, avoid broad password guessing on production systems, and keep generated wordlists or credential reports private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation explicitly promotes multi-protocol brute-force testing across SSH, RDP, FTP, HTTP/HTTPS, Telnet, and SMB, but only includes generic legal-use language elsewhere. It does not warn about operational harms such as account lockouts, service disruption, IDS/EDR alerts, or potential denial-of-service effects, which makes unsafe use materially more likely for a credential-auditing skill.

VirusTotal

58/58 vendors flagged this skill as clean.
