Easy run test

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed API and load-testing helper, but it should only be used on authorized targets with non-sensitive test data.

Install only if you trust the basjoofan GitHub release source. Use this skill only against systems you own or have explicit permission to test, keep load settings within approved limits, and do not include secrets, tokens, private customer data, or sensitive local files in request bodies or multipart upload examples.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 84%
Finding
The skill is triggered by very broad terms like API testing, performance testing, load testing, and HTTP testing without defining authorization, target ownership, or safe-use boundaries. In an agent setting, this can cause the skill to be invoked for potentially unauthorized scanning or stress testing against third-party systems, increasing the risk of misuse.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation encourages HTTP requests and demonstrates multipart file uploads from local paths, but it does not warn that data will be transmitted to remote hosts or that local files may be read and sent. In an agent workflow, this omission can lead to accidental exfiltration of sensitive local data or unintended interaction with external systems.

VirusTotal

62/62 vendors flagged this skill as clean.
