Aport Handoff

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only handoff skill whose file saving and optional delivery behavior are disclosed and aligned with its purpose, but users should review where handoff documents are stored or sent.

Before installing, confirm that you want handoffs saved locally and decide where they should be stored. Review the generated handoff for secrets, internal-only details, or unnecessary personal/project metadata before saving or posting it to GitHub, Slack, Discord, MCP messaging, or any other external destination.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 83%
Finding
The skill directs agents to always save a local copy of the handoff, but the handoff content is explicitly intended to include completed-work details, verification metadata, decision IDs, and potentially contextual notes about dependencies, blockers, or next steps. Persisting that information locally without any guidance on redaction, secure storage, retention, or user approval can leak sensitive project or identity-linked metadata to insecure disks, shared workspaces, logs, or synced folders.

VirusTotal

66/66 vendors flagged this skill as clean.
