Workspace Explorer

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it gives remote browser-based access to a local workspace through a public tunnel and relies on external runtime code that is not included in the reviewed package.

Install only if you intentionally want a trusted person to inspect or interact with a workspace remotely. Review the external repository and start script first, serve the smallest possible sanitized directory, remove secrets and credentials, share the URL and password only with the intended recipient, and stop the tunnel immediately when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill is explicitly designed to expose an entire local workspace through a public Cloudflare URL and then share the URL and password. Even if access is password-protected and temporary, this materially increases the risk of unintended disclosure of source code, secrets, config files, environment files, or proprietary data, and the SKILL.md does not present strong privacy warnings, scope limitations, or guidance on sanitizing the shared workspace before exposure.

VirusTotal

56/56 vendors flagged this skill as clean.
