Doubleword API

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Doubleword batch API guide/helper, with expected cautions around uploading batch data, using an API key, spending account credits, and optionally installing a third-party batching package.

Install this only if you intend to use Doubleword for batch inference. Review JSONL files before upload, avoid secrets or regulated data unless authorized, store DOUBLEWORD_API_KEY securely, check estimated cost before creating large batches, and verify/pin the optional autobatcher dependency if you choose to install it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 90% confidence
Finding: The skill instructs users to upload JSONL batch files and use an API key with a third-party service, but it does not explicitly warn that prompts, inputs, and possibly sensitive data will be transmitted off-platform to Doubleword. In a batch-processing context, users may upload large datasets, increasing the chance of inadvertent disclosure of personal, proprietary, or regulated information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal