AlphaMountain API

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward alphaMountain API lookup skill that needs an API key and sends queried hostnames to the service, with no hidden code or persistence found.

Install only if you are comfortable sending queried hostnames or URL-derived hostnames, plus your alphaMountain API key, to alphaMountain.ai. Avoid submitting confidential internal domains unless approved, and use a dedicated or limited API key where possible.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The skill encourages broad natural-language use but does not clearly disclose that user-supplied hostnames/URLs and the configured API key will be sent to a third-party service. This can lead to unintended disclosure of sensitive investigation targets or internal domains, especially when users assume analysis is local.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal