Security audit

gpt5.5free

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a normal OpenRouter-based tool, but prompts will be sent to the configured external LLM endpoint.

Install only if you are comfortable sending prompts and any included context to OpenRouter or the configured API endpoint. Do not submit secrets, regulated data, or private customer information unless you have reviewed that provider's privacy and retention terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation tells users to configure an external-service API key and use the package, but it does not clearly disclose that user prompts and any included data will be transmitted to OpenRouter or another third-party endpoint. This creates a real privacy and data-handling risk because users may unknowingly send sensitive prompts or credentials to an external provider under different retention, logging, or jurisdictional policies.

Missing User Warnings

Medium
Confidence: 91%
Finding
This code transmits the user-supplied prompt to a third-party service at OpenRouter, which is an external data boundary. In a skill context, users may reasonably assume local processing unless clearly informed, so sensitive prompts could be disclosed to an external provider without meaningful notice or consent.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code: suspicious.env_credential_access
Location: src/index.js:6