Verosight Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Verosight API integration for social media monitoring, with normal credential and privacy risks users should manage.

Install only if you intend to use Verosight and are comfortable sending API credentials, search terms, platform selections, and returned monitoring data to that service. Prefer test or limited-scope keys, avoid passing live keys or JWTs directly on shared command lines, keep queries within approved monitoring/legal boundaries, and handle reports or returned posts as potentially sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (11)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README promotes social-media intelligence and cyber monitoring across multiple platforms but provides no warning about handling personal data, platform terms, lawful basis, retention, or consent-sensitive use cases. In an agent skill context, this omission increases the chance that operators will collect, process, or report privacy-sensitive content without appropriate safeguards or compliance review.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The authentication example instructs users to place a live API key directly in a shell command and exchange it for a JWT without any warning about shell history, secret storage, token handling, or least-privilege practices. Even though this is documentation, agent operators may copy it verbatim, increasing the risk of credential leakage through terminal history, logs, screenshots, or shared environments.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup instructions place a live API key directly in shell commands and examples without warning about shell history, process inspection, terminal logging, or CI/CD log exposure. Secrets entered this way can be captured locally or in shared environments, leading to account compromise and unauthorized API usage.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The workflow instructs users to send API credentials and potentially sensitive monitoring queries to an external service, but provides no privacy notice, data-classification guidance, or warning about the sensitivity of names, brands, incidents, or other intelligence terms used in queries. In a cyber-monitoring/social-listening context, those queries can themselves reveal investigations, clients, or reputational incidents, so omission of handling guidance is a real security and privacy weakness.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script requires a JWT bearer token as a positional command-line argument, which can expose the secret through shell history, process listings, audit logs, or CI job output. This is a real credential-handling weakness even if the script is otherwise legitimate, because anyone with local visibility may recover the token and use the Verosight API under the user's identity.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
export VEROSIGHT_API_KEY="vlt_live_YOUR_KEY"

# Get JWT token (valid 24h)
JWT=$(curl -s -X POST "https://api.verosight.com/v1/auth/token" \
  -H "X-API-Key: $VEROSIGHT_API_KEY" | jq -r '.token')

# Verify token works
```
Confidence
90% confidence
Finding
https://api.verosight.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
-H "X-API-Key: $VEROSIGHT_API_KEY" | jq -r '.token')

# Verify token works
curl -s "https://api.verosight.com/v1/account/balance" \
  -H "Authorization: Bearer $JWT"
```
Confidence
84% confidence
Finding
https://api.verosight.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## Step 2: Get Sentiment Data

```bash
curl -s "https://api.verosight.com/v1/analytics/sentiment?query=KEYWORD&sources=x,instagram,tiktok&days=7" \
  -H "Authorization: Bearer $JWT" | jq .
```
Confidence
92% confidence
Finding
https://api.verosight.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## Step 3: Get Volume Trend

```bash
curl -s "https://api.verosight.com/v1/analytics/volume?query=KEYWORD&days=7" \
  -H "Authorization: Bearer $JWT" | jq .
```
Confidence
88% confidence
Finding
https://api.verosight.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Negative posts from X
curl -s "https://api.verosight.com/v1/posts?query=KEYWORD&sources=x&sentiment=negative&limit=15&days=7" \
  -H "Authorization: Bearer $JWT" | jq .

# All posts from specific platforms
```
Confidence
90% confidence
Finding
https://api.verosight.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
-H "Authorization: Bearer $JWT" | jq .

# All posts from specific platforms
curl -s "https://api.verosight.com/v1/posts?query=KEYWORD&sources=x,threads&limit=20&days=7" \
  -H "Authorization: Bearer $JWT" | jq .
```
Confidence
88% confidence
Finding
https://api.verosight.com/

VirusTotal

62/62 vendors flagged this skill as clean.
