Swagger V2 Retrofit Generator

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Swagger-to-Retrofit code generator with user-directed fetching and file output, though users should handle API credentials carefully.

Use this only with Swagger URLs you trust. Prefer test or limited-scope credentials, avoid putting production secrets directly in shell history or CI logs, and write generated output to a chosen path so existing files are not overwritten unexpectedly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 97%
Finding
The examples instruct users to pass Basic Auth credentials directly on the command line, which can expose secrets through shell history, process listings, logging, or CI job output. Because the examples use real credential flags without any warning or safer alternative, users are likely to copy insecure usage patterns into sensitive environments.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documentation shows Bearer tokens and API keys being supplied as command-line arguments, which can leak via shell history, process tables, telemetry, and CI logs. Tokens and API keys are often high-value secrets, so exposing them this way can lead to unauthorized API access and downstream compromise.

VirusTotal

64/64 vendors flagged this skill as clean.
