Sentio Platform

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Sentio administration helper, but it should be used carefully because it can operate on real projects with account credentials.

Install only if you want an agent to help manage Sentio resources. If you do:
  • Use a least-privilege Sentio credential.
  • Avoid pasting secrets into chat or shared terminals.
  • Consider pinning the CLI version for sensitive work.
  • Require explicit confirmation before deletes, imports, processor pause/stop, project changes, simulations, account-linking, or any AI-generated query execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The skill metadata says it is for Sentio project building, troubleshooting, SQL, alerting, and dashboards, but the OpenAPI spec also exposes generic AI chat/session endpoints. That broadens the tool surface beyond the declared purpose and could let an agent open unrestricted AI interactions or automated query-generation flows that bypass the tighter project-operation scope users would expect.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
The spec exposes extensive fork management, transaction simulation, call tracing, and transaction search capabilities that materially exceed the stated project-management use case. These endpoints can reveal sensitive blockchain debugging data, enable state override simulations, and perform powerful actions an end user may not realize this skill can invoke, increasing the risk of unauthorized recon, misuse, or costly operations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 86%
Finding
Coin and price management endpoints, including coin addition and batch price retrieval, are not clearly justified by the skill's described Sentio project-operations scope. Their inclusion increases attack surface and may allow an agent to perform unintended data operations or external asset lookups that the user did not authorize through this skill's stated purpose.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
A user account linking/session creation endpoint is unrelated to routine Sentio project operations and introduces identity and account-association risk. Exposing account-link flows through a broad project-management skill could let an agent initiate sensitive auth-adjacent actions that users would not expect, potentially facilitating phishing-like flows or unauthorized linking attempts.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill explicitly instructs the operator to provide an API key on the command line and later notes bearer token support, but it gives no warning about credential sensitivity, shell history exposure, process-list leakage, or safer alternatives. In a platform-management skill that can query data and modify alerts, dashboards, endpoints, and processors, normalizing direct credential pasting increases the chance of accidental secret disclosure and account compromise.
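The finding above and the overview's "avoid pasting secrets" advice describe a concrete failure mode: a key on the command line is visible to every local user through `ps` and `/proc/<pid>/cmdline` and lands in shell history. The following Python wrapper is an added example, not code from the Sentio skill or the Sentio CLI; the program name `sentio`, the `--api-key`/`--token` flag spellings and the `SENTIO_API_KEY`/`SENTIO_API_KEY_FILE` variable names are assumptions. It refuses argv that embeds a credential, loads the key from the environment or from a private key file whose ownership and mode it checks, passes the key to the child through its environment instead of argv, and scrubs the key from anything the agent would echo back into chat.

```python
"""Credential hygiene for an agent that drives a Sentio-style CLI.

Added example for this page; not code from the Sentio skill or CLI. The
program name "sentio", the "--api-key"/"--token" flags and the
SENTIO_API_KEY / SENTIO_API_KEY_FILE variable names are assumptions.
"""
import os
import stat
import subprocess
from pathlib import Path

# Flags that would place the secret in argv. argv is readable by every local
# user (ps, /proc/<pid>/cmdline) and is recorded in shell history, so a key
# passed this way is effectively published on the host.  Assumed flag names.
SECRET_FLAGS = ("--api-key", "--token", "--bearer-token")


def argv_carries_secret(argv):
    """True if any argument is, or embeds, a credential flag."""
    for arg in argv:
        for flag in SECRET_FLAGS:
            if arg == flag or arg.startswith(flag + "="):
                return True
    return False


def key_file_is_private(mode, owner_uid, caller_uid):
    """The same rule ssh applies to private keys: owned by the caller and not
    readable or writable by group or others."""
    if owner_uid != caller_uid:
        return False
    return not (mode & (stat.S_IRWXG | stat.S_IRWXO))


def load_api_key(env=None):
    """Read the key from SENTIO_API_KEY, else from the file named by
    SENTIO_API_KEY_FILE after checking that file's ownership and mode."""
    env = os.environ if env is None else env
    key = env.get("SENTIO_API_KEY")
    if key:
        return key.strip()
    path = env.get("SENTIO_API_KEY_FILE")
    if not path:
        raise RuntimeError("set SENTIO_API_KEY or SENTIO_API_KEY_FILE")
    st = Path(path).stat()
    getuid = getattr(os, "getuid", lambda: st.st_uid)  # no uids on Windows
    if not key_file_is_private(st.st_mode, st.st_uid, getuid()):
        raise PermissionError(f"{path} must be owned by you and mode 0600")
    return Path(path).read_text().strip()


def build_invocation(cli_args, key):
    """Return (argv, env) for subprocess.run. The key travels in the child's
    environment, which only the same user and root can read, never in argv."""
    argv = ["sentio", *cli_args]
    if argv_carries_secret(argv):
        raise ValueError("credential must not be passed on the command line")
    env = dict(os.environ)
    env["SENTIO_API_KEY"] = key
    return argv, env


def redact(text, key):
    """Scrub the key from anything the agent echoes back into chat or logs."""
    return text.replace(key, "[REDACTED]") if key else text


def run(cli_args, key):
    """Run the CLI with the key in the environment; return a redacted transcript."""
    argv, env = build_invocation(cli_args, key)
    proc = subprocess.run(argv, env=env, capture_output=True, text=True)
    return proc.returncode, redact(proc.stdout + proc.stderr, key)
```

The environment is not a perfect hiding place (the same user, and root, can still read `/proc/<pid>/environ`), but it removes the key from the world-readable argv and from shell history, which is the exposure the finding is about. Pair this with a least-privilege key so that what does leak is worth little.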

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The skill documents destructive operations such as alert deletion, endpoint deletion, project deletion, processor pause/stop, and dashboard import/update actions without cautionary language, precondition checks, or confirmation guidance. Because this skill is specifically for operating production Sentio projects, these commands could be used accidentally or by a manipulated prompt to disrupt monitoring, destroy configuration, or cause loss of visibility.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The alert-rule delete endpoint is destructive, yet the spec provides no warning or confirmation guidance for callers. In an agent setting, that omission makes accidental or prompt-induced deletion more likely, especially because deletes can remove monitoring coverage and hide operational or security signals.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
Deleting dashboards can remove important visibility into project health or incident response workflows, but the API description does not signal permanence or require confirmation. In a tool-using agent, missing guardrails around destructive operations increases the chance of accidental or socially engineered deletion.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding
Fork deletion is an irreversible state-changing operation, but the API spec gives no cautionary guidance. Because forks may contain valuable debugging context or team workflows, an agent could delete them without the user appreciating the consequence, causing operational disruption or loss of investigative state.
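The four deletion findings above, the earlier warning about AI-generated query flows, and the overview's instruction to require explicit confirmation before deletes, imports, processor pause/stop, project changes, simulations, account-linking and AI-generated query execution all call for the same control: a gate between the agent and the CLI. The Python below is an added example, not code from the Sentio skill or CLI; the subcommand vocabulary (`alert delete`, `processor pause`, `dashboard import`, and so on) and the SQL shape are assumptions for illustration. Unknown operations default to "confirm", and a generated query is only ever run after a conservative read-only check plus a human approval.

```python
"""Confirmation gate for an agent driving a Sentio-style CLI.

Added example for this page; not code from the Sentio skill or CLI. The
subcommand words below and the SQL checks are assumptions for illustration.
"""
import re

# Verbs that change or destroy state (from the overview's confirmation list).
CONFIRM_VERBS = {
    "delete", "remove", "import", "update", "create", "rename",
    "pause", "stop", "simulate", "link", "execute",
}
# Verbs that only read. Anything not in either set is treated as state-changing.
READONLY_VERBS = {"list", "get", "describe", "show", "status", "logs"}

# Comments and string literals are blanked before keyword scanning so that
# 'drop table' inside a literal is not flagged and DROP inside a comment
# cannot hide from the scanner.
_SQL_NOISE = re.compile(r"--[^\n]*|/\*.*?\*/|'(?:[^']|'')*'|\"(?:[^\"]|\"\")*\"", re.S)
_SQL_FORBIDDEN = {
    "insert", "update", "delete", "drop", "alter", "create", "truncate",
    "grant", "revoke", "attach", "detach", "rename", "optimize", "system",
    "kill", "outfile",
}
_SQL_READ_STARTS = {"select", "with", "show", "describe", "explain"}


def classify(args):
    """Return 'read' or 'confirm' for a CLI argv without the program name."""
    words = {w.lower() for w in args if not w.startswith("-")}
    if words & CONFIRM_VERBS:
        return "confirm"
    if words & READONLY_VERBS:
        return "read"
    return "confirm"  # unknown subcommands err on the safe side


def sql_is_read_only(sql):
    """Conservative check for an AI-generated query: one statement, starting
    with a read keyword, and no write/DDL keyword outside literals and comments.
    False positives only cost a confirmation; they never execute anything."""
    body = _SQL_NOISE.sub(" ", sql).strip().rstrip(";")
    if ";" in body:
        return False  # stacked statements
    tokens = [t.lower() for t in re.findall(r"[A-Za-z_]+", body)]
    if not tokens or tokens[0] not in _SQL_READ_STARTS:
        return False
    return not any(t in _SQL_FORBIDDEN for t in tokens)


def gate(args, confirmed=False, sql=None):
    """Decide what the agent may do. Returns a record the agent logs and, for
    'confirm', shows to the human verbatim before asking for a yes."""
    if sql is not None:
        if not sql_is_read_only(sql):
            return {"decision": "blocked", "reason": "generated query is not read-only", "command": sql}
        if not confirmed:
            return {"decision": "confirm", "reason": "AI-generated query needs approval", "command": sql}
        return {"decision": "run", "command": sql}
    command = "sentio " + " ".join(args)
    if classify(args) == "confirm" and not confirmed:
        return {"decision": "confirm", "reason": "state-changing operation", "command": command}
    return {"decision": "run", "command": command}
```

The gate is defense in depth, not the primary control: the credential the agent holds should itself lack delete and write rights wherever the platform allows it, so that a prompt-injected "delete the alert rule" fails at the API even if it slips past the wrapper.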

VirusTotal

66/66 vendors flagged this skill as clean.