Chainletter CredCLI
Security checks across malware telemetry and agentic risk
Overview
This skill is a coherent CredCLI guide for creating, uploading, stamping, and emailing credentials, with expected but privacy-sensitive issuance steps.
Before installing, verify you trust the external @credcli/cli package and use a least-privilege Chainletter token. Choose public issuance only when recipients consent and the credential contents are appropriate for public verification/IPFS; otherwise use private mode. Prefer allowlisting only *.chainletter.io and *.clstamp.com, and avoid passing real SMTP passwords in visible command history or shared sessions.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
58/58 vendors flagged this skill as clean.