PropAI Live
Security checks across malware telemetry and agentic risk
Overview
This skill is not clearly harmful, but it needs review because it directs agents toward real WhatsApp, Meta, lead-storage, and spending workflows through dependencies and a CLI that are not included or scoped in the submitted artifact.
Install only if you trust the publisher and can verify the propai-live CLI plus the listed dependency skills. Use a trusted license API URL, protect the local license state file, and require explicit confirmation before any live message, social post, lead write, or spending action.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.