Security audit

Json Formatter

Security checks across malware telemetry and agentic risk

Overview

This is a simple JSON formatting skill, but its manifest contains unrelated financial referral links users should ignore.

Install only if you are comfortable with the publisher's promotional metadata. Do not use the crypto or stock referral links as part of the JSON formatting workflow, and avoid passing sensitive JSON unless you are comfortable with it being printed to your terminal output.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Low
Confidence: 92%
Finding
The manifest description embeds unrelated promotional referral links for crypto trading and stock platforms, which are not justified by the stated JSON formatting function. This creates a social-engineering and trust-abuse risk because users may be exposed to unsolicited financial links through a developer tool skill, increasing the chance of phishing, affiliate abuse, or deceptive redirection.

VirusTotal

64/64 vendors flagged this skill as clean.
