asndurl

Security checks across malware telemetry and agentic risk

Overview

This skill is openly for autonomous agent payments, but it gives an agent real spending authority and optional automatic top-ups without requiring explicit approval for each paid action.

Install only if you trust Ampersend and intentionally want an agent to make paid requests. Use the smallest practical per-transaction, daily, and monthly limits, avoid --auto-topup unless you fully understand the funding path, prefer --inspect before paid fetches, and keep dashboard approval in a browser the agent cannot access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly enables autonomous payments and mentions spending limits and auto-topups, but it does not clearly instruct the agent to obtain explicit user confirmation before initiating paid requests or enabling top-up behavior. In an agent setting, this can lead to unexpected irreversible financial actions, especially when `fetch` may automatically satisfy payment requirements.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal