Permissions Broker
Security checks across malware telemetry and agentic risk
Overview
This skill transparently routes external account requests through a Telegram approval broker and does not include hidden executable behavior.
Install only if you trust the Permissions Broker service and its Telegram approval flow. Treat PB_API_KEY as a secret, store it only if you intend reuse, connect only the accounts you need, and carefully review each Telegram approval for URL, method, body, and consent reason, especially for write, delete, Git push, playback-control, or broad data-read requests.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.