Traffic-Data

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward traffic lookup skill that uses map API keys for its stated purpose and shows no hidden persistence or destructive behavior.

Install only if you are comfortable providing map-provider API keys for traffic lookups. Use restricted keys with quotas, and verify the entry command because the documented helper scripts are missing from the package.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Low

Confidence: 78% confidence
Finding: The skill includes a config command that reveals which environment-based API credentials are present. While it does not print the secret values, exposing credential presence can aid reconnaissance by telling a user which external services are enabled and available for abuse or targeting.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal