Back to skill

Security audit

Ainative Api Discovery

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only API reference skill for AINative, with no executable install behavior, but users should be careful with credentials and account-changing API calls.

Install this as an API documentation aid, not as an automation to run blindly. Before using generated examples, use scoped test keys, avoid sending secrets or regulated data, and require explicit confirmation for POST, PUT, or DELETE requests that affect billing, memory, files, developer payouts, accounts, or admin data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill catalogs numerous sensitive endpoints, including authentication, memory, billing, developer payouts, and superuser admin routes, but provides no safety guidance about privileged access, destructive actions, or privacy implications. In an agent context, this increases the risk that an agent will invoke high-impact APIs without adequate user confirmation, authorization checks, or least-privilege handling.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.