Ntriq X402 Blueprint Batch

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned, but it sends potentially sensitive blueprint images or image URLs to a third-party analysis service without enough privacy disclosure.

Install only if you are comfortable sending the referenced blueprint images or URLs to the external ntriq x402 service. Do not use it for confidential building plans, security layouts, regulated project documents, or client-owned drawings unless you have authorization and understand the provider's retention and privacy terms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs users to submit blueprint image URLs to an external endpoint for analysis, but it does not clearly warn that potentially sensitive architectural data will leave the local agent environment and be processed by a third-party service. Blueprints can contain confidential building layouts, security-sensitive infrastructure details, or proprietary designs, so lack of disclosure can lead to unintended data exposure and unsafe use in regulated or confidential contexts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal