URL Preview

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill does what it says: it fetches shared public web links to show a short preview, with no code, install scripts, credentials, or persistence.

Install this if you want automatic link previews. Avoid using it on private, internal, or sensitive URLs, because generating a preview sends a live request for the link and may reveal timing, interest, or network metadata.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill is configured to trigger on essentially any shared HTTP/HTTPS URL, causing automatic network retrieval of user-provided links without meaningful scope limits or explicit confirmation. This can expose the agent to fetching attacker-controlled URLs, including internal endpoints or tracking links, and increases the chance of unintended outbound requests whenever a URL appears in chat.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to fetch shared URLs over the network but does not warn the user that opening a preview will cause a live request to the target site. This can leak metadata such as IP, timing, and user interest to third parties, and may surprise users who expected analysis without contacting the site.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal