IP Address Query - IP查询

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward IP lookup tool that uses JisuAPI as described, with privacy considerations around sending queried IPs to that provider.

Install this only if you are comfortable using a JisuAPI key and sending queried IP addresses to JisuAPI. Avoid using it for confidential internal, customer, or security-sensitive IPs unless that sharing is acceptable for your environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The trigger wording is broad and open-ended, which can cause the agent to invoke this skill on loosely related user queries. Because the skill sends queried IPs to an external provider, unintended invocation can lead to unnecessary third-party disclosure of user-supplied data and surprising behavior.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The documentation states that user-provided IP addresses are sent to JisuAPI but does not warn users that this is an external disclosure. IP addresses can be personal data or sensitive operational data, so silent transmission to a third party creates privacy and compliance risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal