payrail402
Security checks across malware telemetry and agentic risk
Overview
This skill transparently sends AI-agent transaction records to PayRail402 for spend tracking and does not show hidden local access or unrelated behavior.
Install this only if you want PayRail402 to receive and store your agent's transaction metadata. Keep the API key or webhook token private, use the least-privileged auth method that fits your setup, keep baseUrl on the official HTTPS service, and avoid sending sensitive account or customer details in transaction descriptions unless needed.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.