AIKEK API

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent AIKEK API integration, but users should handle its generated wallet key and non-expiring API token carefully.

Install only if you are comfortable creating an AIKEK authentication wallet and storing a non-expiring API token locally. Do not run or share commands that print the full token, keep ~/.config/aikek/credentials private, avoid putting funds in the generated wallet, and explicitly approve any credit-spending API calls or referral submissions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The example prints the full API token to the terminal, which can expose long-lived credentials through shell history, terminal scrollback, screen sharing, logging, or multi-user systems. Because the token is reusable and non-expiring, accidental disclosure could allow unauthorized API use until manually revoked.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal