IntoDNS.ai

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it checks DNS and email security through IntoDNS.ai, with normal privacy considerations for external domain scans.

Use this for public domains you are comfortable sending to IntoDNS.ai. Avoid private, internal, customer-sensitive, or incident-response targets unless external disclosure is intended. Only run the optional MCP setup if you trust the external intodns-mcp package, and create snapshots only when you want stable point-in-time evidence.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill directs the agent to perform live scans against user-supplied domains by default, but it does not instruct the agent to disclose that the query will contact a third-party service and expose the target domain to that service. This creates a privacy and operational-risk issue because users may provide internal, sensitive, or customer domains expecting local analysis, and the skill only partially mitigates this by saying not to scan private hostnames unless explicitly public.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal