Aade Api Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for AADE monitoring, but it asks for sensitive tax credentials and describes client notifications, calendar updates, and submission-workflow delays without clear approval boundaries.

Review this skill before installing. Use least-privileged AADE credentials, store secrets securely, avoid configuring Slack/SMS/calendar outputs until recipients and data contents are approved, require human approval before client notifications or submission workflow changes, and install jq/curl separately through a trusted administrator process.

SkillSpector

By NVIDIA

Vulnerability Patterns

Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Chaining Abuse

High

Category: Tool Misuse
Content: export OPENCLAW_DATA_DIR="/data" export AADE_USERNAME="your-aade-username" export AADE_PASSWORD="your-aade-password" which jq curl || sudo apt install jq curl ``` AADE credentials are used for authenticated read-only checks of announcements, rate changes, and system status. This skill never submits filings.
Confidence: 97% confidence
Finding: | sudo

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal