Proxygate

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed ProxyGate router skill with no executable code, but users should be careful because routed workflows can involve payments, wallets, proxying, and tunnels.

Before installing, review the pg-* sub-skills this router may load. Require explicit approval before deposits, withdrawals, wallet signing, proxy requests, tunnels, listing changes, or job submissions, and avoid sending secrets through ProxyGate proxy calls unless you trust the gateway and selected listing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 96% confidence
Finding: The skill description is extremely broad and includes many generic concepts such as payments, jobs, buyers, sellers, and status-like requests, which can cause the router to activate on loosely related conversations. Because this is a router skill that forces delegation to sub-skills, accidental invocation can steer users into ProxyGate-specific workflows or expose unnecessary platform actions when the user did not actually intend to use this system.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal