保险产品解析

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward insurance product lookup that calls a disclosed external product-detail API, with minor transparency and reliability caveats.

Install only if you are comfortable with selected insurance product identifiers being sent to the external product-detail API. Confirm important insurance details against official policy documents, and verify that any missing product-mapping CSV comes from a trusted source if you need product-name matching.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs the agent to call an external API via scripts/main.py but does not clearly warn the user that their query will trigger an outbound request. This can undermine informed consent and privacy expectations, especially if user-supplied product names or related context are transmitted to external services.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal