Back to skill

Security audit

NordVPN

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only NordVPN helper whose network-changing abilities are disclosed and match its VPN-control purpose.

Install this only if you want an agent to operate your local NordVPN CLI. Complete login manually, verify the NordVPN binary comes from a trusted source, and review connect/disconnect, settings, killswitch, and allowlist changes before allowing them because they can affect connectivity and privacy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill enables VPN connection changes and configuration changes that can materially affect network routing, privacy posture, and reachability, but it does not foreground those consequences in the top-level description. In an automation context, a caller may invoke this skill without realizing it can reroute traffic, interrupt sessions, or alter security settings such as kill switch behavior.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The allowlist section gives concrete commands to bypass the VPN for ports or subnets but omits a clear warning that exempted traffic will no longer be tunneled or protected by the VPN. In practice, this can create privacy leaks or expose services unexpectedly, especially if an automation adds broad subnets such as local networks without operator awareness.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
### Recommended “actions” (API surface)

Implement these as the skill’s callable intents/tools:

* `status()` → returns parsed connection status
* `connect_best()` → connects to best available
Confidence
82% confidence
Finding
tools: *

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.