Security audit

Cloud Risk Summary

Security checks across malware telemetry and agentic risk

Overview

This is a coherent cloud-risk summary API wrapper, with the main caution that users may submit sensitive cloud security details to an external service.

Install only if you are comfortable sending cloud exposure summaries to the referenced external API. Redact secrets, credentials, raw customer data, exact internal identifiers, and unnecessary architecture details unless your organization has approved the provider and its data-handling terms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill describes sending cloud provider, environment, services, and exposure details to an external API but does not warn users that these inputs may contain highly sensitive security posture data. This creates a real data-handling risk because users may unknowingly transmit vulnerability and asset information about production environments to a third-party service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.