Threat Assessment Defense Guide

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate-looking ToolWeb API wrapper, but it can send sensitive security-planning details to a third party without a clear consent step.

Install only if you specifically want ToolWeb-backed threat assessments and are comfortable sending organization-level security context to ToolWeb. Avoid secrets, internal hostnames, live incident details, regulated data, and detailed architecture unless your organization has approved that sharing. Do not run scripts/test-api.sh unless the TLS bypass is removed and the endpoint is confirmed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 90%
Finding
The README describes the skill as usable for broad cybersecurity assessment requests without defining clear trigger boundaries or limits. In an agent ecosystem, vague invocation scope can cause over-activation on sensitive security conversations, increasing the chance that confidential threat models, incidents, or asset details are sent to the skill and its external backend unintentionally.

Missing User Warnings

Medium
Confidence: 97%
Finding
The README instructs users to configure an external API key but does not clearly disclose that prompts and threat-assessment content will be transmitted to a third-party service. Because this skill is specifically designed for cybersecurity planning, users may submit sensitive information such as asset inventories, weaknesses, incident details, and defensive gaps, creating confidentiality and compliance risks if shared without informed consent.

Vague Triggers

Medium
Confidence: 84%
Finding
The description is broad enough to trigger on many ordinary cybersecurity questions, causing the skill to activate in situations where users may expect an in-model answer rather than external processing. Because the skill also insists on always calling a third-party API, overbroad routing increases the chance of unnecessary data disclosure and unexpected external transmission.

Missing User Warnings

High
Confidence: 98%
Finding
The workflow instructs the agent to collect potentially sensitive organizational details such as industry, assets, security tooling, and compliance context, then transmit them to an external API without an explicit warning or consent step. Those details can materially aid an attacker, create confidentiality/compliance issues, and expose internal security posture to a third party.

Ssd 3

Medium
Confidence: 95%
Finding
The skill operationalizes data collection and exfiltration in plain workflow steps, making it easy for an agent to solicit detailed organizational context and forward it externally as part of normal use. Even if intended for legitimate analysis, this pattern increases the risk of oversharing sensitive environment details without adequate review, minimization, or consent.

VirusTotal

66/66 vendors flagged this skill as clean.