Pg Setup

Security checks across malware telemetry and agentic risk

Overview

This ProxyGate setup skill is not malicious, but it includes under-scoped guidance for credentials, wallet-related actions, service exposure, destructive listing deletion, and optional skill installation.

Install only if you intend to use ProxyGate. Verify the @proxygate/cli package source, avoid pasting real API keys into shared terminals or chats, protect wallet keypair files, and do not run deposit, withdraw, listing deletion, tunnel, dev forwarding, job, or proxygate skills install commands unless you explicitly understand and approve the action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 93%
Finding
The skill metadata explicitly instructs invocation for a wide range of common setup terms such as "login" and "connect to gateway," which can cause the skill to activate in contexts that are only tangentially related to ProxyGate. Over-broad routing increases the chance of unintended execution of installation and authentication guidance, which is risky because this skill includes commands involving credentials and system-wide package installation.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill shows authentication commands with live-secret formats directly on the command line, including API keys and wallet keypair paths, but does not warn about shell history, screen exposure, logging, or secure storage. In an agent-driven environment, this can normalize unsafe secret handling and lead to credential leakage through transcripts, terminal history, process lists, or copied examples.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation explicitly advertises commands that expose local services (`proxygate tunnel`) and send request data over the network (`proxygate dev`) but does not warn users about the privacy and attack-surface implications of publishing local endpoints or forwarding potentially sensitive traffic. In a setup/onboarding skill, users may run these commands early and with default configs, increasing the chance of unintentionally exposing internal development services or data.

Missing User Warnings

Medium
Confidence: 88%
Finding
The command reference includes a permanent destructive action (`proxygate listings delete <id>`) without an adjacent warning that deletion is irreversible and may remove production-facing listings. In an agent skill meant to help users get started, concise command snippets can be copied verbatim, so missing safety guidance raises the risk of accidental destructive actions.

VirusTotal

66/66 vendors flagged this skill as clean.
