Threat Actor OSINT Profiling

Security checks across malware telemetry and agentic risk

Overview

This is a coherent threat-intelligence OSINT skill, but users should know its lookups can send actor names and indicators to third-party services.

Install only if you are comfortable using third-party OSINT services and providing the relevant API keys. Avoid submitting confidential, regulated, or active-investigation indicators unless you have approval and understand each provider's logging and data-sharing practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill documentation omits any warning that example steps transmit actor names, domains, IPs, or other indicators to external services such as OTX, VirusTotal, and Shodan, and also save profile artifacts locally. In a threat-intelligence context, these indicators may be sensitive or investigative, so silent disclosure can leak ongoing investigations or regulated data.

VirusTotal

66/66 vendors flagged this skill as clean.
