Back to skill

Security audit

Privacy Tool

Security checks across malware telemetry and agentic risk

Overview

This is a coherent manual privacy-check skill, with the main caveat that its public-IP check contacts a third-party service.

Before running the quick-start commands, review each command and run only what applies to your system. The public-IP check contacts ipinfo.io, so use it only if you are comfortable sharing your IP address and request metadata with that service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs users to query an external service (`ipinfo.io`) to check public IP/geolocation, but it does not clearly warn that doing so discloses the user's IP address, user agent, and request metadata to a third party. In a privacy-focused skill, this omission is especially problematic because users may reasonably expect recommendations to minimize data disclosure rather than create an additional outbound privacy exposure.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.