Api Monitor Dashboard

Security checks across malware telemetry and agentic risk

Overview

This is a simple user-run API monitor with expected network checks, but it is basic and should only be used with endpoints you trust.

Install only if you want a minimal local API monitor. Run it in a dedicated directory, avoid URLs containing secrets, do not let untrusted users add endpoints, and be careful running it on networks where internal services or metadata endpoints should not be reachable. Do not rely on the advertised alerting or historical reporting until those features are actually implemented.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The generated monitor performs outbound requests to arbitrary user-supplied URLs from the host where it runs. In contexts where untrusted users can add endpoints, this becomes an SSRF-style capability that can probe internal services, metadata endpoints, or otherwise restricted network locations from the local network position of the machine.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal