Agent HQ

Security checks across malware telemetry and agentic risk

Overview

Agent HQ is a disclosed setup guide for a local mission-control app; it carries the risks you would expect from its GitHub, npm, Telegram, and optional cron-job integrations.

Before installing:
  • inspect the referenced GitHub repository and dependency lockfiles, and prefer pinning a trusted commit or release;
  • use a dedicated low-privilege Telegram bot;
  • keep tokens out of source control;
  • set AGENT_HQ_API_TOKEN before exposing the service;
  • install the cron jobs only if you want alerts to keep running in the background.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium severity, 89% confidence

Finding
The skill explicitly configures Telegram notifications and alert automation but does not clearly warn users that board content or alert data may be transmitted to a third-party service. In deployment-oriented documentation, this omission can cause operators to unknowingly expose operational data, task details, or other sensitive content outside the local environment.

VirusTotal

66/66 vendors flagged this skill as clean.