Klaus IOC Scanner

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward IOC reputation scanner, but users should avoid scanning private links or tokens because indicators are sent to VirusTotal and AbuseIPDB.

Install if you want a command-based IOC scanner and are comfortable providing dedicated VirusTotal and AbuseIPDB API keys. Before scanning, remove session tokens, private query parameters, internal hostnames, or confidential URLs, and consider narrowing the trigger phrases in your agent configuration so the skill runs only on explicit IOC scan requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 85%
Finding
The trigger phrases are broad enough to match many ordinary user requests about checking links, domains, or IPs, which can cause the skill to activate more often than intended. In a user-invocable security skill that may call external reputation services with sensitive indicators, overbroad activation can lead to unnecessary data disclosure to third-party APIs, user confusion, and unintended use of paid/rate-limited services.

VirusTotal

64/64 vendors flagged this skill as clean.
