Api And Data

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only frontend API/data-layer skill; its trigger wording is broad, but it does not run code, persist data, or access credentials.

Safe to install for frontend API/data-layer help. Be aware it may activate on generic terms like loading, requests, or cache; review generated auth, retry, and caching code before applying it to a real app.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The activation condition is broad: any user mention of common API-related terms such as requests, error handling, loading, empty states, caching, or data flow can trigger the skill. Overly permissive triggers can cause unintended invocation in unrelated conversations, which increases the chance the agent applies the wrong guidance or exposes capabilities outside the user's actual intent. In this context the skill is focused on normal frontend/data-layer design, so the consequence is mainly misrouting or over-activation rather than direct security compromise.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal