Mfapi
Security checks across malware telemetry and agentic risk
Overview
This skill appears to be a straightforward mutual-fund lookup helper that only queries the documented MFapi.in service and keeps a temporary local cache.
Before installing, consider that searched fund names, scheme codes, and ISINs will be sent to api.mfapi.in. Avoid using it for sensitive portfolio analysis unless you are comfortable with that third-party disclosure.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.