Ai Marketing Videos

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed marketing-video helper that uses the inference.sh CLI, but users should review the remote installer and login step before using it.

Install only if you are comfortable using inference.sh and logging into its CLI. Prefer downloading the installer or binary separately, checking the published checksum or signature, and then running infsh login yourself rather than letting an agent execute the curl-to-shell command automatically.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The documentation instructs users to execute a remote install script directly from the network via a shell pipe, which creates a supply-chain risk if the hosting domain, TLS path, or install script is compromised. Although the note claims checksum verification, users are still encouraged to run unaudited remote code immediately, reducing the opportunity for inspection and increasing the blast radius of any upstream compromise.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal