NIST CSF Mapper

Security checks across malware telemetry and agentic risk

Overview

This is a coherent NIST CSF mapping skill that documents use of a third-party API, but users should treat the submitted security-posture details and API key as sensitive.

Before using this skill with real company data, verify ToolWeb.in's privacy and retention terms, use a dedicated API key, avoid hardcoding or logging the key, and redact details you would not want sent to a third-party compliance API.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill asks users to provide detailed information about their security controls, tooling, incident response, business continuity, and regulatory posture, and later reveals that this data is sent to an external API. Without an upfront warning and clear data-handling notice, users may unknowingly disclose sensitive internal security posture information to a third party, increasing exposure and compliance risk.

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The authentication section tells users to pass an API key and send assessment data to a third-party endpoint but does not warn about secure API key handling or the sensitivity of the transmitted security assessment data. This can lead to accidental credential leakage, misuse of privileged API access, or inappropriate submission of sensitive compliance information.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal