Security audit
Botpress
Security checks across malware telemetry and agentic risk
Overview
The supplied evidence shows only a broad Botpress skill trigger, with no concrete evidence of hidden behavior, persistence, credential misuse, destructive actions, or data exfiltration.
Before installing, confirm the skill is intended for Botpress read-only lookup tasks and that its trigger wording will not route unrelated Botpress work into this skill. I could not independently inspect the workspace artifacts because local command execution failed in the sandbox, so this verdict is limited to the supplied scanner and telemetry evidence.
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
