Pywayne Llm Chat Window

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for launching an LLM chat window, with expected API-key and external-provider use disclosed in the examples.

Before installing, confirm the pywayne package comes from a trusted source, avoid hardcoding or sharing real API keys, and do not enter secrets or regulated data unless you trust the configured LLM provider and endpoint.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The documentation explicitly shows sending chat content to an external LLM API but does not warn users that prompts, conversation history, and possibly sensitive data will leave the local machine. In a chat-window skill, users may paste secrets or proprietary content, so the omission materially increases privacy and data-handling risk even though it is documentation rather than executable code.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal