Back to skill

Security audit

Llm Models

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent helper for using external LLM models through inference.sh/OpenRouter, with install and privacy risks users should understand.

Before installing, prefer the manual or checksummed install path if available and review the installer source. Treat all prompts, system messages, files, and generated task context sent through this skill as data shared with OpenRouter/inference.sh and possibly downstream model providers; avoid secrets, private credentials, regulated data, or proprietary code unless that use is approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The manifest description includes very broad trigger phrases such as 'language model', 'chat api', 'openai alternative', and multiple vendor/model names, which can cause the skill to match generic AI-related user requests far beyond its narrow function of routing requests through OpenRouter via infsh. Overbroad matching increases the chance this skill is invoked unexpectedly, exposing users to remote API usage and shell-based installation flows when they did not explicitly request this provider or toolchain.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs users to install a CLI and send prompts to OpenRouter-hosted models, but it does not clearly warn that prompts, system messages, and other inputs are transmitted to external third-party services. In an agent context, this omission is risky because users may provide sensitive data assuming local processing, resulting in unintentional disclosure to remote providers and any downstream model vendors used through OpenRouter.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.