deepwiki

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward DeepWiki helper, but users should know their repository queries and questions are sent to SkillBoss/HeyBossAI.

Install only if you are comfortable sending repository names, requested wiki paths, fetched public documentation, and your questions to SkillBoss/HeyBossAI. Do not use it with confidential prompts, private repository names, secrets, or regulated data unless you have reviewed the provider's data-handling terms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill instructs users to send repository questions through SkillBoss API Hub and notes web scraping/LLM processing, but it does not prominently warn that repository queries and retrieved documentation are transmitted to third-party services. This can lead users to unknowingly disclose sensitive prompts, internal repository names, or other metadata to external processors.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal