Radon AI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent React Native debugging skill, but its network and app-inspection tools can expose sensitive development data to the agent.

Install this only if you trust your local Radon IDE extension. Use it mainly with development or test sessions, and avoid asking the agent to inspect network request details when traffic may include production credentials, cookies, API keys, or real user data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly exposes network inspection capabilities, including request headers and bodies, but does not warn that these may contain secrets such as authorization tokens, session cookies, API keys, or personal data. In an agent context, this increases the risk that an assistant may retrieve, summarize, or disclose sensitive traffic without the user understanding the privacy implications.

VirusTotal

61/61 vendors flagged this skill as clean.
