Back to skill

Security audit

Wake-up On LAN (WOL) API

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real WOL API helper, but it gives an agent broad authenticated access that can read account data or place orders from ambiguous prompts.

Install only if you intend to let an agent use your WOL API token for live WOL account actions. Use explicit WOL-specific prompts, verify WOL_BASE_URL before use, avoid exposing the token in logs, and manually confirm before allowing orders, event registrations, or account-history lookups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are broad enough to match common user requests like 'place order' or 'check my orders' without clearly scoping them to the WOL service. That can cause unintended skill activation and send authenticated requests or expose account/order data in contexts where the user did not mean to use this integration.

Vague Triggers

Medium
Confidence
96% confidence
Finding
Treating empty `$ARGUMENTS` as a trigger for order history means the skill may default to querying sensitive user account data even when no explicit intent was provided. In an agent setting, ambiguous or missing arguments should not result in authenticated data retrieval by default.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill sends a bearer token to a configurable `BASE_URL` and retrieves personal account, balance, and registration information without any explicit user notice about data transmission or endpoint trust. Because `WOL_BASE_URL` can be overridden, this increases the risk of credentials or personal data being sent to an unintended host.

External Transmission

Medium
Category
Data Exfiltration
Content
**Trigger:** `$ARGUMENTS` contains `products`, or the user asks what is available / what's on the menu.

```bash
curl -s \
  -H "Authorization: Bearer $TOKEN" \
  "$BASE_URL/api/v1/catering/products"
```
Confidence
82% confidence
Finding
curl -s \ -H "Authorization: Bearer $TOKEN" \ "$BASE_URL/api/v1/catering/products" ``` Present the result grouped by category. For each product show: - Name - Price formatted as `€X.XX` (response

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.