CardSnap

Security checks across malware telemetry and agentic risk

Overview

CardSnap is a clearly described API skill for creating and managing digital business cards, with privacy and authentication details users should verify before use.

Before installing, confirm the publisher and API host, review the service’s privacy and retention practices, and only submit contact details or analytics events you are authorized to share. Use extra care with update and delete operations because they can change or remove stored card data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly documents collection of personal contact data and engagement analytics, but provides no privacy notice, consent expectations, retention details, or access-control guidance. In a skill that handles personally identifiable information and behavioral tracking, this omission increases the risk of improper collection, disclosure, or noncompliant use of personal data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal