Microservices Starter

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly documentation, but its quick start tells users to run missing local scripts that include an unscoped production Kubernetes deployment.

Install only as reference documentation unless you have separately obtained and reviewed the referenced scripts. Do not let an agent run the Quick Start automatically; verify the Kubernetes context and namespace, start with staging or dry-run workflows, and require explicit human approval before any production deployment or monitoring installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 88%
Finding
The quick-start section includes a production deployment command (`./deploy.sh production`) presented as a routine setup step without any warning, confirmation requirement, or guidance about the consequences of targeting live infrastructure. In an agent skill context, this increases the chance that a user or automated system will execute a destructive or irreversible action against real environments by mistake.

VirusTotal

66/66 vendors flagged this skill as clean.
