Deutsche Bahn CLI
Security checks across malware telemetry and agentic risk
Overview
This skill is a small Deutsche Bahn train-search helper, with the main caution that it asks users to run a local Node project they must already trust.
Install this only if `~/Code/bahn-cli` is the train-search project you intended to use and you trust its source. Review that project's `package.json` and dependencies before running `npm install`; the skill itself does not ask for credentials or sensitive access.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.