Back to skill

Security audit

Cyber Kill Chain

Security checks across malware telemetry and agentic risk

Overview

This skill is a documented security assessment API with no executable install behavior, but users should treat submitted assessment details as sensitive.

Install only if you are approved to share the relevant security assessment details with this provider. Redact secrets, credentials, exploit paths, internal hostnames, detailed architecture notes, and unnecessary remediation details, and review the provider's data retention and access policies before submitting sensitive material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill asks users to submit detailed security assessment data about organizational controls, gaps, and remediation status, but provides no warning about sensitivity, retention, sharing, or handling of that data. Because this content concerns an organization's defensive posture, transmitting it to a third-party API could expose high-value internal security information if users assume the skill is purely analytical and safe to share with.

External Transmission

Medium
Category
Data Exfiltration
Content
## References

- **Kong Route:** https://api.mkkpro.com/security/cyber-kill-chain
- **API Docs:** https://api.mkkpro.com:8043/docs
Confidence
81% confidence
Finding
https://api.mkkpro.com/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.