Ucm

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides paid access to many external APIs, including code execution and email, and does not show hidden or deceptive behavior.

Install only if you want your agent to use UCM as an external API marketplace. Ask for confirmation before paid calls, email sends, or sandbox code execution; do not send secrets or confidential documents unless you accept UCM and downstream provider processing; keep the UCM_API_KEY and terminal logs containing it private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence: 93%
Finding
The setup and usage instructions direct agents to send data and bearer credentials to external UCM endpoints and to spend credits, but they do not present a prominent warning about data egress, third-party processing, or financial cost. In an agent setting, this can lead to silent transmission of user prompts or documents and unanticipated paid API usage.

Missing User Warnings

Medium
Confidence: 93%
Finding
The catalog prominently advertises live external services and instructs agents to call a remote registry, but it does not warn that many endpoints transmit prompts, URLs, audio, documents, email metadata, or other user-supplied data to third-party providers. In an agent setting, omission of disclosure and consent guidance increases the chance that sensitive data is exfiltrated off-platform without the user understanding where it is going.

Missing User Warnings

Medium
Confidence: 96%
Finding
The code-sandbox entry documents arbitrary code execution across multiple languages and presents it as a normal capability without any warning about untrusted code, data access risks, side effects, cost, or policy constraints. In an agent marketplace, this can encourage agents to execute attacker-supplied code or transformed prompt content, turning prompt injection or malicious user input into active execution.

Missing User Warnings

Medium
Confidence: 95%
Finding
The email service description explains the verification workflow but omits a clear warning that this capability causes outbound communication to external recipients and may disclose user or system-generated content outside the platform. In agent contexts, that creates a risk of spam, accidental disclosure, social engineering, or unauthorized contact if an agent is induced to send messages automatically.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script reads an existing API key from the local credentials file and prints it directly to stdout. This can leak the credential into terminal scrollback, logs, screen recordings, shell history transcripts, or CI/job output, making later unauthorized API use possible.

Missing User Warnings

Medium
Confidence: 98%
Finding
After successful registration, the script prints the newly issued API key in cleartext. Newly created secrets are especially likely to be exposed through terminal logging, pasted transcripts, remote sessions, or shared setup output, which can immediately compromise the account credits and downstream API access.

VirusTotal

64/64 vendors flagged this skill as clean.