Aiprox Workflows

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent AIProx workflow helper, with disclosed paid scheduling and external delivery behavior that users should configure carefully.

Install only if you intend to use AIProx's hosted workflow service. Treat AIPROX_SPEND_TOKEN as a secret billing credential, keep it out of source control and shared logs, review schedules before enabling recurring runs, and only send workflow outputs to email or webhook destinations you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 86%
Finding:
The skill prominently encourages workflows that deliver results by email or webhook, but it does not clearly warn that workflow outputs may contain sensitive data and will be sent to external destinations. In a multi-agent automation context, users may unknowingly route confidential prompts, scraped content, or analysis results outside their trust boundary, increasing the risk of data leakage or unintended disclosure.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The authentication section shows how to place the AIPROX_SPEND_TOKEN in configuration but does not warn that it is a sensitive credential tied to billable usage. If exposed through screenshots, logs, repositories, or shared config files, an attacker could abuse the token to run paid workflows, incur charges, and access workflow metadata associated with that token.

VirusTotal

64/64 vendors flagged this skill as clean.
