Riley AI Visibility

Security checks across malware telemetry and agentic risk

Overview

This skill is a small, disclosed AI-visibility lookup helper that uses paid external x402 GET endpoints, with no executable code or hidden persistence found.

Install only if you want agents to query a third-party AI-visibility service. Review ambiguous activations before spending, especially for broad terms like GEO or AI visibility, and make sure your x402 wallet or payment client has limits you are comfortable with.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list contains broad phrases such as "does AI recommend," "AI visibility," and "geo audit," which can match normal user conversation outside the narrow intended use case. Overbroad routing can cause this skill to activate unexpectedly, leading an agent to make external paid x402 requests, disclose user queries to a third-party service, or steer workflows toward this skill when another tool would be more appropriate.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal