Security audit

CORS Tester

Security checks across malware telemetry and agentic risk

Overview

This appears to be a purpose-aligned CORS testing skill, with the main risk being that its audit mode actively contacts target systems.

Install only if you need a CORS audit helper. Run its audit mode only against domains you own or have explicit permission to test, and expect it to make real network requests that may appear in server logs or monitoring.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The audit mode performs active probing against a target using multiple crafted Origin values and an OPTIONS preflight request, which goes beyond passive inspection and may be interpreted as security scanning by the target or its monitoring systems. In an agent setting, running this without an explicit warning or consent mechanism can cause unintended interaction with third-party systems, trigger rate limits or alerts, and create compliance issues if used on unauthorized targets.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal