Subdomain Enumerator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed subdomain-enumeration API skill, but it should only be used for domains the user is allowed to assess.

Install only if you need subdomain reconnaissance and are comfortable sending target domains to the external API provider. Use it only on domains you own or have explicit permission to test.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill facilitates subdomain enumeration, which is a reconnaissance capability commonly used against third-party infrastructure. Without an explicit authorization-only warning, users may be encouraged to probe domains they do not own or have permission to assess, increasing the risk of misuse and unauthorized scanning. In this context, the security-focused purpose of the skill makes the omission more dangerous because the most natural use involves external targets.

VirusTotal

49/49 vendors flagged this skill as clean.
