Keygen

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Keygen administration skill that can make real account changes, but its behavior matches its stated purpose and shows no hidden or deceptive activity.

Install only for agents you trust to administer your Keygen account. Confirm the target and payload before any write, delete, ban, suspend, revoke, ownership, entitlement, or usage-change action, and avoid connecting credentials with broader permissions than needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The action documentation describes how to ban a user but omits any warning that the operation is disruptive and can immediately block account access. In an agent skill context, that omission increases the chance of unsafe or accidental execution because an automated system may treat the action as routine administrative CRUD rather than a high-impact security operation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal