ARES Business Registry (CZ)

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Czech ARES registry lookup skill with expected network access and a small local cache, and no hidden or destructive behavior found.

Install only if you are comfortable sending business lookup terms such as ICO, name, city, or NACE filters to the Czech ARES service. Be aware that the skill creates a small local cache for legal-form names, and use the default ARES endpoint unless you intentionally trust a custom --base URL.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The documentation states that legal-form decoding uses a remote POST request and writes a cache file locally, but it does not clearly warn users that inputs may be transmitted to an external service or that local state will be created under .cache. While this is not inherently malicious, insufficient disclosure can lead to privacy surprises, policy violations, or unintended persistence in restricted environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal