Anthropic Chat

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Anthropic API wrapper that uses the user's Anthropic API key and sends task text to Anthropic, with no evidence of hidden persistence or unrelated access.

Install only if you intend to send prompts to Anthropic with your own API key. Use a restricted key with spending limits, avoid sending secrets or regulated data unless approved, and note that the helper appears to reference an undeclared TASK variable, so it may need runtime wiring to work correctly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly says it will automatically send the user's task to Anthropic using the user's API key, but it does not warn that task contents will be transmitted to a third-party service. This can lead users to unknowingly send sensitive prompts, secrets, or proprietary data off-platform, creating confidentiality and compliance risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal