Ntriq X402 Pii Detect Batch

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only skill for a paid remote PII-detection API, with the main risk being that submitted text and a payment authorization go to the provider.

Install only if you are comfortable sending selected text to x402.ntriq.co.kr and paying $6 USDC per batch. Do not submit regulated, confidential, or third-party data unless you have approval and have checked the provider's privacy, logging, retention, and deletion practices.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly instructs users to POST raw text to a remote HTTPS endpoint for PII detection, but it does not clearly warn that sensitive user content, including PII, leaves the local environment and is sent to a third-party service. In a privacy-focused skill, this omission can mislead users into exposing regulated or confidential data under the assumption that processing is local or privacy-preserving, especially given the marketing language about '100% local inference on Mac Mini.'

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal