TestFlight Seat Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: monitor TestFlight links and alert when beta seats open.

Before installing, review config/batch-config.json and remove the included Reddit example if you do not want it checked. Only add TestFlight URLs you intend to monitor, because checks make outbound network requests and store those links locally. If you enable the cron example, remember it creates ongoing scheduled checks until you remove or disable the cron job.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 82% confidence
Finding: The skill performs repeated outbound requests to TestFlight pages and to a community-maintained data source, but the description does not clearly warn users about this ongoing network behavior. Lack of disclosure can lead to privacy, compliance, or operational surprises, especially when the skill is scheduled via cron for continuous monitoring.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal