Geokeo

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a disclosed API-integration workflow, but users should be careful with write or delete actions through its proxy interface.

Install only if you trust the integration provider and understand that proxy requests can change or delete connected service data. Prefer built-in read/list actions first, review OAuth or API scopes, and require explicit confirmation before write, delete, or bulk operations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly documents a generic proxy interface that supports mutating methods including DELETE, POST, PUT, and PATCH, but provides no guardrails requiring user confirmation before destructive operations. In an agent context, this increases the risk of unintended data modification or deletion because the model is given a powerful low-level primitive without safety constraints.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal