SSL Certificate Manager

Security checks across malware telemetry and agentic risk

Overview

This certificate-management skill is purpose-aligned, but it can issue certificates and retrieve private keys without clearly documented authentication, authorization, or key-handling safeguards.

Review before installing or using with real domains. Use only for domains you control, verify the provider requires strong authentication and per-domain authorization, start with staging certificates, and prevent agents from printing, logging, or storing private keys outside a secret manager.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The documented download endpoint explicitly allows retrieval of `private.key`, which is highly sensitive key material, yet the skill description does not prominently warn users about the risk or prescribe strict handling requirements. In a certificate-management skill, exposing private keys is especially dangerous because compromise of the key enables impersonation of the protected domain and decryption of traffic where forward secrecy is absent or operational misuse occurs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal