Oasyce Vault

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local file-inventory skill, but users should scan only intended folders and verify the external Python package before installing it.

Install only if you trust the Python package source. Use a virtual environment, scan a specific folder rather than a broad home or work directory, consider --no-recursive for sensitive locations, and review any text or JSON reports before sharing them or using the optional Oasyce registration workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill encourages recursive directory scanning by default but does not warn that this can enumerate sensitive personal, corporate, or secret files well beyond the user’s intended scope. In a data-inventory skill, that omission is security-relevant because users may run broad scans on home or work directories and expose metadata about confidential assets in reports or follow-on workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal