Back to skill

Security audit

API Schema Migrator / API架构迁移工具

Security checks across malware telemetry and agentic risk

Overview

This skill is a small OpenAPI migration helper description with no executable payload or install script, but users should review generated migration output before deploying it.

Before using this skill's output in CI/CD or production, treat generated migration and rollback files as drafts: review diffs, test in staging, verify backups and rollback paths, and avoid running generated changes against live systems without approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill repeatedly promotes generating 'ready-to-run' migration and rollback scripts for deployment, but it does not instruct users to review, test, or validate the generated changes before applying them. In a CI/CD and API migration context, unchecked autogenerated scripts can cause schema incompatibilities, service outages, or unintended destructive changes if the diff logic is wrong or the input specs are malicious or incomplete.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.