business-writing

Security checks across malware telemetry and agentic risk

Overview

This is a business-writing helper with a disclosed third-party API and API-key requirement, and no evidence of hidden or destructive behavior.

Install only if you are comfortable sending business-writing prompts and source material to SkillBoss API Hub. Use a scoped API key where possible, rotate it if exposed, and avoid submitting confidential company data unless that provider relationship is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

External Transmission

Medium

Category: Data Exfiltration
Content: ## Usage Notes - This skill is powered by SkillBoss API Hub (`https://api.skillbossai.com/v1/pilot`) - Authentication: set `SKILLBOSS_API_KEY` environment variable - Template variables (if any) like $DATE$, $SESSION_GROUP_ID$ may require runtime substitution - Follow the instructions and guidelines provided in the content above
Confidence: 88% confidence
Finding: https://api.skillbossai.com/

Credential Access

High

Category: Privilege Escalation
Content: - Template variables (if any) like $DATE$, $SESSION_GROUP_ID$ may require runtime substitution - Follow the instructions and guidelines provided in the content above ## requires.env - SKILLBOSS_API_KEY
Confidence: 90% confidence
Finding: .env

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal