Free Model Config

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed configuration helper for free AI model APIs, but users should treat its API-key examples and local config file as sensitive.

Install only if you are comfortable configuring third-party AI providers. Use environment variables or a credential manager where possible, and avoid pasting real API keys into chat, reports, screenshots, or repositories. Restrict permissions on ~/.workbuddy/models.json if you use it, and run the generation script only with providers and prompts you are willing to send to that external service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Vague Triggers

Severity: Medium
Confidence: 78%
Finding
The trigger phrases are broad enough to activate on ordinary discussion about models, APIs, or settings. Overbroad invocation is risky because it can cause the skill to run in contexts where the user did not intend configuration or external actions, increasing the chance of unnecessary secret handling, misconfiguration, or unexpected network/file operations.

Natural-Language Policy Violations

Severity: Medium
Confidence: 90%
Finding
The template hard-codes Agnes AI as the default platform preference when the user has not specified a platform. This can silently steer users toward a particular provider without informed choice, producing biased recommendations and potentially causing unintended sharing of requests or configuration with an unrequested third-party platform.

Natural-Language Policy Violations

Severity: Medium
Confidence: 93%
Finding
The example output demonstrates resolving an unspecified platform preference to Agnes AI, normalizing provider selection without user opt-in. In a model configuration skill, this is more dangerous because examples often become implementation behavior, leading agents to consistently recommend or configure a specific external service by default.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The template explicitly includes an apiKey field and tells the user to generate and fill it, but provides no warning about secret handling, storage, redaction, or avoiding accidental disclosure in chat/output. In a skill meant to help configure third-party AI services, this omission can lead users to paste live credentials into prompts, logs, shared configs, or version control, exposing accounts and downstream API usage.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The template explicitly instructs users to store live API keys in a plaintext local configuration file, but it does not prominently warn that these are sensitive credentials or advise on file permissions, encryption, or secret-store alternatives. If the workstation is shared, backed up, synced, or compromised, the keys can be exposed and abused against third-party AI accounts.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The curl testing example transmits a bearer token and prompt content to external services but does not clearly warn users that both credentials and possibly sensitive input data are being sent off-host. This can lead to accidental disclosure of secrets or regulated data during testing.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The instructions tell users to populate one shared models.json file with multiple real API keys, increasing the blast radius if that file is leaked or misconfigured. The document only mentions placeholder masking in the template and does not give strong operational guidance for secret protection in actual use.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The template instructs users to store an API key directly in a local JSON config file but does not provide any guidance on secure secret handling, such as file permissions, avoiding commits, or using environment variables or a secret store. In a model-configuration skill, this is especially risky because users are likely to copy the pattern verbatim, leading to long-lived credentials being left in plaintext on disk.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The validation workflow tells users to test the API key and endpoint using live network calls, but it does not warn that these checks send credentials and configuration-derived data to external services. In the context of a free-model configuration skill that encourages many third-party endpoints, this increases the chance of inadvertent credential disclosure, testing against untrusted services, or leaking metadata through routine validation steps.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The update report example explicitly includes old and new API key values in a markdown artifact, normalizing the practice of recording secrets in plaintext outputs. This is dangerous because reports are often shared, logged, backed up, or committed, creating a durable secret-exposure path that can directly enable unauthorized API access.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill instructs users to generate and save API keys but does not provide secure-handling guidance such as avoiding plaintext storage, limiting key scope, or using secret managers. In a configuration skill, this omission can directly lead users to place live credentials into markdown, JSON templates, or shared files, increasing the chance of credential leakage and downstream account abuse.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The document enumerates real provider consoles, endpoints, and key-generation flows but lacks prominent warnings about credential exposure when populating configuration files. Because the skill’s purpose is to help users assemble API configs, the surrounding context makes accidental secret insertion into JSON templates especially likely, which can enable unauthorized API use and billing abuse if those files are shared or logged.

VirusTotal

60/60 vendors flagged this skill as clean.