Agentsecly AI Agent Security

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly disclosed ToolWeb API wrapper for AI-agent security assessments, with the main caution that user-provided security details are sent to ToolWeb.

Install only if you are comfortable sharing the assessment details you provide with ToolWeb. Avoid including secrets, customer data, exact internal architecture, or sensitive incident details unless your organization has approved that use and reviewed ToolWeb's data-handling terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium (95% confidence)
Finding
The skill explicitly requires sending detailed user-supplied security assessment data to a third-party API and tells the agent to always do so, but it does not require clear user consent or a warning that the data will leave the local environment. Because the content may include sensitive architecture, threats, controls, environments, or incident details, this creates a real confidentiality and data-governance risk.

VirusTotal

66/66 vendors flagged this skill as clean.