Back to skill

Security audit

Cloud Risk Summary

Security checks across malware telemetry and agentic risk

Overview

This is a coherent cloud-risk summary API wrapper, with the main caution that users may submit sensitive cloud security details to an external service.

Install only if you are comfortable sending cloud exposure summaries to the referenced external API. Redact secrets, credentials, raw customer data, exact internal identifiers, and unnecessary architecture details unless your organization has approved the provider and its data-handling terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill describes sending cloud provider, environment, services, and exposure details to an external API but does not warn users that these inputs may contain highly sensitive security posture data. This creates a real data-handling risk because users may unknowingly transmit vulnerability and asset information about production environments to a third-party service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.