Cisco Firewall Hardening

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward third-party API wrapper for generating Cisco firewall hardening configurations, with a privacy note around request identifiers.

Before installing, treat this as a third-party hosted API integration. Use pseudonymous session IDs, leave userId null where possible, and review generated firewall configs manually before applying them to production devices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill documentation explicitly includes `sessionId`, `userId`, and `timestamp` for tracking and audit purposes, but provides no privacy notice, data minimization guidance, retention details, or warning about sending potentially identifying data to a third-party API. In a security tooling context, these fields can become sensitive metadata that links operators, sessions, and activity timelines, increasing privacy and operational security risk if logged, shared, or retained improperly.

VirusTotal

64/64 vendors flagged this skill as clean.
