threat-intelligence

Security checks across malware telemetry and agentic risk

Overview

This is a minimal threat-intelligence skill that is purpose-aligned, but it is incomplete and does not explain the external provider or API-key handling clearly.

Install only if you know which threat-intelligence service and script you intend to use. Treat INTEL_API_KEY as a secret, use a limited or disposable key where possible, and avoid submitting confidential incident data unless you trust the external provider and its retention policies.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill requires an API key and implies sending input to an external threat-intelligence service, but it provides no warning about transmitting potentially sensitive data off-platform or guidance for secure credential handling. In a security operations context, users may submit indicators, incident artifacts, or internal telemetry that could contain confidential information, increasing the risk of unintended disclosure or poor secret management.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal