Back to skill

Security audit

Botpress

Security checks across malware telemetry and agentic risk

Overview

The supplied evidence shows only a broad Botpress skill trigger, with no concrete evidence of hidden behavior, persistence, credential misuse, destructive actions, or data exfiltration.

Before installing, confirm the skill is intended for Botpress read-only lookup tasks and that its trigger wording will not route unrelated Botpress work into this skill. I could not independently inspect the workspace artifacts because local command execution failed in the sandbox, so this verdict is limited to the supplied scanner and telemetry evidence.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.