ollama-skill
Security checks across malware telemetry and agentic risk
Overview
The skill’s files are ordinary Ollama integration guidance, but its install metadata claims unrelated purchase and crypto capabilities that users should review.
Before installing, confirm why the skill is tagged for purchases and crypto or remove those capabilities if they affect platform permissions. If you proceed, keep Ollama endpoints pointed at localhost or a trusted host, use OLLAMA_API_KEY only for intended cloud calls, and treat prompts/code sent to remote Ollama endpoints as shared with that provider.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.