GC Provider Install

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed GrowthCircle provider setup guide with expected credential and configuration steps, and no evidence of hidden or unrelated behavior.

Install this only if you intend to configure GrowthCircle as an AI provider. Review the commands before running them, especially plugin install/update, gateway restart, migration, and plugins.allow changes, and keep GROWTHCIRCLE_API_KEY in a private environment variable or credential store rather than pasting it into chats, logs, screenshots, or code.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The skill enables implicit invocation without defining narrow activation triggers or scope constraints, which can cause the agent to invoke this installer/configuration skill in response to loosely related requests. Because the skill performs provider installation and configuration for external AI services, unintended invocation could change provider settings, connect credentials, or steer users into configuration flows they did not explicitly request.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal