Website Auditor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed website-auditing helper, with normal privacy cautions because it fetches webpages and returns raw HTML.

Install only if you are comfortable with the agent fetching target webpages, returning full page HTML in results, and optionally sending audited URLs to Google PageSpeed. Avoid private/internal URLs unless you intend their contents to enter the agent workflow, treat returned HTML as untrusted input, use a restricted PageSpeed API key, and consider pinning the listed Python dependencies.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 76% confidence
Finding: This skill performs outbound requests to arbitrary user-supplied URLs and stores full raw HTML, but the description does not clearly disclose that behavior. In agent settings, that can create privacy and compliance risk because sensitive internal URLs may be fetched and full page contents may be retained or passed to downstream skills.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal