Back to skill

Security audit

ip-query

Security checks across malware telemetry and agentic risk

Overview

This appears to be a straightforward public-IP lookup skill, with the main risk being that using it contacts external IP services that can see the user's public IP.

Install only if you are comfortable with public-IP lookup requests going to third-party providers such as IP and geolocation services. Prefer invoking it only when you intentionally want an IP lookup, especially for detailed results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill advertises auto-activation on broad phrases like "查询IP", "当前IP", and English variants such as "my ip", which can overlap with ordinary conversation and cause unintended invocation. In this context the action is low risk, but accidental triggering can still disclose the user's public IP to third-party APIs and create privacy exposure without clear intent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script contacts multiple third-party services to discover and display the user's public IP and, in detailed mode, retrieves geolocation and network metadata from ipinfo.io. Even though the purpose is to query public IP information, the help text does not clearly warn users that their IP and related metadata will be disclosed to external providers, which creates a privacy risk and weakens informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.