OT Security Assessment

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed ToolWeb API wrapper for OT/ICS security scorecards, with sensitive data-sharing risk but no evidence of hidden behavior or unrelated access.

Install only if you trust ToolWeb and are comfortable sending OT/ICS assessment details to its API. Use a dedicated API key, avoid submitting facility-identifying or highly detailed production data unless necessary, and confirm the vendor's retention and privacy practices before using real critical-infrastructure information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly instructs sending detailed OT/ICS security assessment inputs to a third-party API without requiring a clear user-facing notice, consent step, or data minimization. In this context, the transmitted data can reveal sensitive information about industrial control system weaknesses, compliance gaps, and critical infrastructure posture, which materially increases confidentiality and targeting risk if shared externally.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal