Model Throughput Tester

Security checks across malware telemetry and agentic risk

Overview

This skill is an LLM throughput benchmark tool that discloses its purpose; its network calls and local report writing are expected for that purpose.

Before installing, be aware that API mode transmits the test prompt and bearer token to the endpoint you provide, so use trusted HTTPS endpoints and avoid sensitive prompts. The tool also creates local report files, so choose an output path you are comfortable overwriting or retaining.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill explicitly supports sending prompts and an API key to arbitrary OpenAI-compatible endpoints, but the documentation does not clearly warn that benchmark prompts, model outputs, and credentials are transmitted to an external service. In a benchmarking context, users may assume this is a local or harmless performance test and unintentionally disclose sensitive data or use untrusted endpoints.

Missing User Warnings

Low
Confidence: 80%
Finding
The skill documents writing reports to a local output file but does not warn users that files will be created or potentially overwritten. This can lead to accidental clobbering of existing files or unintended persistence of benchmark results that may contain operational details.

VirusTotal

65/65 vendors flagged this skill as clean.
