Lensmor Event Fit Score

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Lensmor trade-show scoring integration with no executable code or unrelated system access.

Before installing, confirm your organization is comfortable using Lensmor for event fit scoring. Keep LENSMOR_API_KEY in a secure environment variable, do not paste confidential business details into prompts unless approved, and remember that event queries and company-profile-derived scoring are handled by Lensmor's external service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The manifest description contains many broad trigger phrases in multiple languages, which can cause the skill to activate for generic event-evaluation requests beyond a user's clear intent. Overbroad invocation increases the chance of unintended routing to a third-party API workflow, which can expose business-context queries or steer users into a proprietary service unexpectedly.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to send event names and implicitly score against the company's profile via the Lensmor API, but it does not present an explicit user-facing disclosure before data leaves the local environment. This creates a privacy and consent risk because users may not realize that their business profile and event query are being transmitted to an external service.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal