Phishing Detection

Security checks across malware telemetry and agentic risk

Overview

This is a narrow phishing URL checker that sends submitted URLs to an external API, with no hidden code, local access, or persistence found.

Install only if you are comfortable sending checked URLs to the listed third-party phishing-analysis service. Avoid submitting sensitive internal URLs, password reset links, credential-bearing query strings, tracking links, or confidential incident-response targets unless the provider’s privacy and retention practices are acceptable for your use case.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs users to submit arbitrary URLs to an external phishing-analysis service but does not disclose that those inputs are sent to a third party. URLs can contain sensitive data such as internal hostnames, private paths, reset tokens, query parameters, or investigation targets, so silent transmission creates a privacy and data-handling risk.

External Transmission

Medium

Category: Data Exfiltration
Content: # References - **Kong Route:** `https://api.mkkpro.com/security/phishing-detection` - **API Docs:** `https://api.mkkpro.com:8005/docs`
Confidence: 88% confidence
Finding: https://api.mkkpro.com/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal