Ravi contacts
Security checks across malware telemetry and agentic risk
Overview
This is an instruction-only contact-management skill whose access to contacts is disclosed and matches its stated purpose.
Install this only if you want the agent to manage Ravi contacts. Review contact creations, updates, deletions, and any use of the trusted-contact flag, and do not store passwords, API keys, or sensitive notes in contact fields because the skill states contacts are stored in plaintext.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.