Isp Throttle Detective

Security checks across malware telemetry and agentic risk

Overview

This skill behaves like a disclosed ISP speed-testing and logging tool, with expected network use and optional scheduling.

Install if you want active bandwidth testing and local speed history. Expect real upload/download traffic, persistent local logs, and possible recurring background tests only if you set up the provided scheduler; do not point custom endpoints at private, workplace, or untrusted hosts.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The script allows a config file to override endpoints with arbitrary URLs, which expands the skill from a bounded speed-test tool into a generic network fetcher. In an agent context, this can be abused for unintended outbound connections, internal network probing, or contacting attacker-controlled hosts while appearing to perform benign speed tests.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal