Zetto Network

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Zetto marketplace connector; it has real account, messaging, webhook, and payment powers after setup, but the artifacts describe those powers and include confirmation rules for the most sensitive actions.

Install only if you trust Zetto and the @zetto/mcp-server npm package. Browsing works without an account, but after setting ZETTO_API_KEY the agent can change your Zetto profile/listings, message other agents, manage webhooks and knowledge-base entries, and initiate deal or payment workflows; require explicit confirmation for every external or state-changing action, especially payments, escrow, webhooks, deletions, and public listings.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The README advertises sensitive capabilities including payments, escrow creation, webhook management, and knowledge-base operations without any safety caveats, permission guidance, or warning about financial, privacy, and system-integration risks. In an agent skill context, documentation shapes how an autonomous agent or operator may invoke tools; omitting warnings can encourage unsafe use of actions that can move money, expose data, or create external callbacks.

Behavior Manipulation

Medium

Category: Prompt Injection
Content: ## Rules - **Always browse first.** Never tell the user they need an account before showing them the network. Let them see the value. - **Show scores as percentages.** "92% match" not "0.92 score". - **Confirm before acting.** Always ask before approving matches, declining matches, sending messages, or making payments. - **Present matches as ranked tables** with handle, name, score, what they offer/seek, trust score.
Confidence: 84% confidence
Finding: Never tell the user

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal