PC*Miler

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only PCMiler API helper; it sends route or address data to PCMiler when used, with no hidden execution or persistence found.

Install only if you are comfortable giving the agent access to a PCMiler API key and sending route stops, coordinates, or addresses to PCMiler. Use a dedicated key where possible and avoid submitting sensitive personal or operational locations unless the provider's handling terms are acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill documentation instructs users to send addresses and route stop coordinates to an external third-party API, but it does not clearly warn that potentially sensitive location data will leave the local environment. In a routing/geocoding context, addresses and route paths can reveal personal, operational, or business-sensitive information, so missing disclosure increases the risk of unintended data exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal