Vibe Prospecting
Security checks across malware telemetry and agentic risk
Overview
The plugin is a disclosed B2B prospecting skill that uses an external CLI/API and handles contact data, with clear credential and privacy cautions and no hidden malicious behavior found.
Install only if you are comfortable letting the skill use the Vibe Prospecting CLI or connector to query Explorium, process prospect/contact data, and store a long-lived API key in plaintext. Protect `~/.config/vpai/config.json`, avoid printing or committing keys, confirm you are authorized to process any uploaded contact lists, and review exports before sharing or importing them into CRM systems.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this plugin as clean.