Agent Api Stability Sentinel

Security checks across malware telemetry and agentic risk

Overview

This is a coherent API testing skill, but it pushes broad live testing without enough guardrails for production systems, credentials, rate limits, or state-changing endpoints.

Install only if you want an agent to perform active API compatibility testing. Before using it, define the exact approved endpoints, use staging or sandbox systems by default, provide only least-privilege test credentials and synthetic data, and explicitly forbid destructive, load-like, or production requests unless separately approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: High
Confidence: 95%
Finding
The skill mandates live HTTP testing with real payloads and 'every endpoint' without any safety boundaries for production environments, destructive operations, or sensitive data handling. In an agentic setting, this can drive unsafe actions against real systems, causing service disruption, data modification, privacy exposure, or unintended interaction with third-party services.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The instruction to test authentication and rate-limiting flows omits safeguards for credential use, account lockouts, token exposure, and rate-limit abuse. An autonomous agent following this guidance could mishandle secrets, trigger defensive controls, or impact real user accounts and service availability.

VirusTotal

65/65 vendors flagged this skill as clean.
