AgentRef

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only AgentRef REST API skill that discloses its API-key use and tells the agent to confirm business-impacting writes before sending them.

Install only if you trust AgentRef with the API key you provide. Prefer a dedicated least-privilege key, use read-only scopes for inspection, and grant write scopes only when you are comfortable confirming actions like program changes, affiliate blocking, flag resolution, or payout creation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content:
- Method: `POST`
- Path: `/api/v1/programs`
- Purpose: Create a new program.
- Important inputs: JSON body with `name`, `commissionType`, `commissionPercent`; optional `description`, `website`, `landingPageUrl`, `cookieDuration`, `payoutThreshold`, `payoutFrequency`, `autoApproveAffiliates`, `portalSlug`, `currency`; supports `Idempotency-Key`
- Important outputs: Created program record
- Risks / write access: Write. Creates a new program and should only happen with explicit user confirmation.
Confidence: 85%
Finding: autoApprove

Tool Parameter Abuse

Severity: High
Category: Tool Misuse
Content:
- Important outputs: Updated program record
- Risks / write access: Write. This can change live program behavior, visibility, or payout rules. Read the program first and confirm the exact patch.

### DELETE /api/v1/programs/{id}

- Method: `DELETE`
- Path: `/api/v1/programs/{id}`
Confidence: 80%
Finding: DELETE /api/v1/programs/{id}

VirusTotal

64/64 vendors flagged this skill as clean.
