Aport Complete

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only APort completion-check skill that openly sends task evidence to APort, with no hidden code, persistence, or destructive behavior found.

Install this only if you want APort to act as a required completion gate for your agent. Before using it, avoid sending secrets, private source content, credentials, PII, or confidential ticket details in summaries, evidence, or output_content unless you are comfortable sharing that data with APort; also review the optional npx setup path before running it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill directs the agent to send task metadata, agent identifiers, summaries, test status, attestations, and potentially full output content to a third-party API, but it does not include any explicit privacy notice, consent step, data minimization guidance, or warning about sensitive content disclosure. In an agent setting, this can cause unintended exfiltration of proprietary code, internal ticket data, credentials embedded in output, or personally identifiable information if the agent follows the instructions blindly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal