API Health Checker

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only API health checker whose network requests and optional authentication support match its stated purpose.

Install is reasonable for API testing. Use it only with endpoints you intend to test, avoid production tokens when possible, prefer least-privilege or temporary credentials, and be careful with POST, PUT, or DELETE checks because the target API may treat them as real changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly supports sending custom headers, authentication tokens, and request bodies to user-specified endpoints, but it does not warn users that these secrets and payloads will be transmitted to external systems. This creates a real risk of accidental credential disclosure or unintended data exfiltration, especially if a user supplies production tokens or sensitive request data to an untrusted or mistyped URL.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal