Abyssale

Security checks across malware telemetry and agentic risk

Overview

The available evidence points to a normal Abyssale API integration, with a privacy note about data sent to the service.

Before installing, assume content you ask the skill to process may be sent to Abyssale. Avoid providing secrets, credentials, personal records, or confidential business data unless you intend to share it with that service and are comfortable with its policies.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs the agent to send direct proxy requests to the external Abyssale API without any warning or consent guard about transmitting user-provided data to a third party. In an agent setting, this increases the chance that sensitive prompts, records, or generated content are forwarded externally without the user realizing it, especially when proxy requests are used as a fallback outside prebuilt actions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal