LMfiles.com file hosting

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward lmfiles.com file-hosting helper; the main risk is that uploaded files become publicly reachable by link.

Install only if you trust lmfiles.com with the files you choose to upload. Keep LMFILES_API_KEY and LMFILES_BOOTSTRAP_TOKEN secret, prefer environment variables over command-line token arguments, and do not upload credentials, private documents, or anything you would not want accessible through a public link.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
export LMFILES_BOOTSTRAP_TOKEN="<bootstrap-token>"

curl -sS -X POST https://lmfiles.com/api/v1/accounts/register \
  -H "Content-Type: application/json" \
  -d '{"username":"my-bot","bootstrap_token":"'"$LMFILES_BOOTSTRAP_TOKEN"'"}'
```
Confidence
84% confidence
Finding
curl -sS -X POST https://lmfiles.com/api/v1/accounts/register \ -H "Content-Type: application/json" \ -d '{"username":"my-bot","bootstrap_token":"'"$LMFILES_BOOTSTRAP_TOKEN"'"}' # Copy api_key fr

VirusTotal

66/66 vendors flagged this skill as clean.
