Agentdevx Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed hosted API gateway integration, but using it means sending API calls, credentials, and saved memory to AgentDevX.

Install only if you are comfortable routing API requests, tool payloads, credentials, and saved memory through AgentDevX. Prefer test or least-privilege credentials, avoid regulated or unnecessary sensitive data, and review AgentDevX retention, deletion, and access-control policies before storing production secrets.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly encourages storing secrets and sending authenticated requests to a third-party gateway, but it does not warn users that API keys, memory contents, and other sensitive data will leave the local environment and be handled by an external service. This creates a real risk of accidental disclosure of credentials or sensitive business data, especially because the examples normalize uploading live secrets such as Stripe keys.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal