Azure Keyvault Py

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Azure Key Vault helper skill, with legitimate SDK examples but some sensitive examples need careful handling.

Install only if you intend to work with Azure Key Vault from Python. Treat delete, purge, and certificate-secret examples as administrative operations: use least-privilege credentials, test on non-production vaults first, never print or log private keys or secret values, and require explicit human confirmation before deleting or purging vault contents.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The skill provides ready-to-copy deletion and purge examples for secrets without clearly warning that purge may permanently remove recoverable data and that deletion actions can disrupt dependent applications. In an agent skill context, omission of safety framing increases the chance of destructive operations being suggested or executed without adequate user confirmation.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill demonstrates retrieving a certificate secret that may include the private key, but does not warn that exporting or printing such material can compromise identity, TLS termination, or signing trust if mishandled. In a secret-management skill, examples involving private key extraction are particularly sensitive because users may copy them directly into insecure workflows or logs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal