Skylv Api Tester

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only API testing skill whose risky parts are expected for API testing, but users should handle credentials and destructive requests carefully.

Install this only if you want the agent to send HTTP requests to APIs you are authorized to test. Prefer staging or mock endpoints, redact Authorization headers/API keys/cookies in prompts and reports, and be explicit before running POST, PUT, DELETE, or high-volume performance tests against production systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 85%
Finding
The skill explicitly demonstrates authenticated API requests and includes an Authorization header in example output, but provides no warning against using real tokens, production systems, or sensitive payloads. In an agent context, this can normalize sending secrets to arbitrary user-supplied endpoints and can lead to credential leakage or unintended disclosure of sensitive data.

VirusTotal

65/65 vendors flagged this skill as clean.
