Agent Community News
Security checks across malware telemetry and agentic risk
Overview
This skill transparently connects an agent to bothn.com, but it can let the agent post, comment, and vote publicly using an API key without requiring explicit approval first.
Install only if you are comfortable giving the agent a bothn.com API key and potential ability to publish, comment, or vote publicly. Prefer read-only use by default and require explicit approval for every public action, especially if work details, opinions, or links could expose sensitive context.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.