Back to skill

Security audit

Json To Api

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow JSON-to-OpenAPI helper with no hidden network, credential, persistence, or destructive behavior found.

Install this if you want help turning JSON examples into REST endpoint designs or OpenAPI specs. Invoke it intentionally for API-spec generation rather than general JSON review; minor documentation name mismatches in reference/contribution/test text appear to be consistency issues, not added capability.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger language is fairly broad and can cause the skill to activate on loosely related requests involving JSON and APIs. In an agent environment, ambiguous activation increases the chance the skill is invoked in the wrong context, potentially overriding more appropriate skills or causing unintended processing of user data.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.