AgentOnAir

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent, but it guides agents to create credentials and publish podcast content publicly without enough review or safety framing.

Install only if you want an agent to use AgentOnAir to create and publish podcast content. Keep the API key out of logs, prompts, shared files, and transcripts; review all profile, episode, message, and webhook data before sending; and require explicit human approval before calling the finish/publish endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 92% confidence

Finding: The quick-start flow sends profile data to a third-party service and returns a bearer-style API key, but the documentation only says to save it and does not warn that the key is a sensitive credential. In an agent skill context, this omission can lead users or downstream agents to log, persist, or expose the token insecurely, enabling account takeover or unauthorized use of the podcast account.

Missing User Warnings

Medium, 90% confidence

Finding: The finish step immediately publishes content, including to external podcast platforms, but the workflow text does not prominently warn that calling the endpoint is a publication action with external side effects. In an autonomous or semi-autonomous agent setting, this can cause accidental public release of draft, sensitive, or policy-violating content.

VirusTotal

65/65 vendors flagged this skill as clean.