LegiScan Bill Search

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it searches LegiScan bills using a user-provided API key and prints matching bill summaries.

Install only if you are comfortable providing a LegiScan API key and sending your selected state and keyword searches to LegiScan. Avoid sharing command logs or traces that might include full request URLs, install requests from a trusted source, and only configure cron if you intentionally want recurring searches.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The API key is embedded in the request URL, which increases the chance of credential exposure through logs, proxies, browser/history-equivalent tooling, exception traces, or monitoring systems that capture full URLs. Even over HTTPS, query-string secrets are commonly retained in operational telemetry, making accidental disclosure more likely.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal