Argus Intelligence

Security checks across malware telemetry and agentic risk

Overview

Argus is a disclosed API-based blockchain risk and prompt-security skill, with privacy and payment-token cautions but no artifact-backed malicious behavior.

Install only if you are comfortable sending selected blockchain addresses, prompts, usernames, agent IDs, webhook URLs, and payment proofs or tokens to the ARGUS service you configure. Use the documented HTTPS endpoint, avoid including private keys or seed phrases, keep Stripe/payment tokens out of shared logs, and explicitly approve paid requests and webhook registration.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill encourages sending user prompts, addresses, usernames, and other potentially sensitive investigation inputs to a remote service without a prominent privacy warning or data-handling disclosure. This is dangerous because operators may unknowingly transmit sensitive user content, compliance-related identifiers, or internal prompts to a third party, creating privacy, confidentiality, and regulatory exposure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal