HashiCorp Vault
Security checks across malware telemetry and agentic risk
Overview
This Vault skill fits its stated purpose, but its helper scripts can use a local Vault token against a default plain-HTTP network address if the user has not set a Vault server.
Review before installing. Set VAULT_ADDR yourself to the correct trusted Vault endpoint, preferably HTTPS, and verify which token will be used before running the helper scripts. Only approve secret writes, policy changes, or mount changes when the target path and environment are clear.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.