BluTranslate

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Bluente document-translation helper, but users should understand that selected documents and the API key are used with an external service.

Install only if you are comfortable sending the selected files to Bluente for translation. Avoid using it on sensitive business, legal, medical, client, or regulated documents unless Bluente is approved for that data, and keep your API key out of shared logs, scripts, and source control.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill solicits a Bluente API key and uploads user documents to a third-party translation service, but the description does not explicitly warn users that both credentials and file contents will be transmitted externally. This creates a consent and data-handling risk, especially for sensitive documents, because users may invoke the skill without understanding the external disclosure.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal