pfSense Hardening

Security checks across malware telemetry and agentic risk

Overview

This is a documented API skill for generating pfSense hardening configurations, with privacy and review caveats but no evidence of hidden code or automatic firewall changes.

Safe to install as an API/documentation skill, but review generated pfSense changes before applying them. Avoid sending real internal user IDs, secrets, detailed topology, or sensitive production identifiers unless you intentionally want the API provider to receive them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (3)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly documents collection and echoing of audit-tracking fields such as sessionId, userId, and timestamp, but does not warn users that these identifiers may be sensitive operational metadata. In a firewall-hardening context, exposing or unnecessarily sharing audit/session data with a third-party API can create privacy, correlation, and operational security risks, especially if logs or responses are retained externally.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The request schema collects sessionId and userId values without any indication of purpose, minimization, or disclosure, which creates unnecessary privacy and tracking risk. In a security-hardening tool context, collecting identifiers can be especially sensitive because requests may reveal infrastructure-security preferences, making correlation of activity to specific users or sessions more damaging if logged, retained, or exposed.

External Transmission

Medium

Category: Data Exfiltration
Content: ## References - Kong Route: https://api.mkkpro.com/hardening/pfsense - API Docs: https://api.mkkpro.com:8131/docs
Confidence: 84% confidence
Finding: https://api.mkkpro.com/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal