Enterprise AI Security Controls Assessment

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for running an external AI security assessment, with no local code execution, but users should be careful about sending sensitive security details to ToolWeb.

Before installing, confirm you want the AI security assessment described in SKILL.md rather than the OT/ICS wording in the registry summary. Use a dedicated ToolWeb API key, submit only security details you are authorized to share with ToolWeb, and review the provider’s privacy and retention terms before sending detailed control gaps or internal architecture information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill solicits sensitive organizational security posture data, including gaps in identity, prompt injection defenses, and API security, and provides a third-party API endpoint where the assessment is run. However, it does not clearly disclose that this information will be transmitted off-platform to an external service, which creates a confidentiality and informed-consent risk. In this context, the omission is especially concerning because the data being collected could materially aid attackers if exposed or misused.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal