Secure API Calls
Security checks across malware telemetry and agentic risk
Overview
This skill openly acts as a credential proxy, but installing it can give agents a broad, ongoing ability to call approved third-party APIs through Keychains.
Install only if you trust keychains.dev and the keychains npm package. Treat provider approval as granting meaningful ongoing account authority to the agent for that provider. Prefer narrowly scoped provider permissions, avoid approving high-risk accounts unless needed, require explicit confirmation before writes or billing/account actions, review the Keychains dashboard, and revoke machine or provider access when the task is complete.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
