Trade Show Lead Recommender

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Lensmor API helper that uses one disclosed API key to fetch trade-show exhibitor recommendations.

Install only if you trust Lensmor with your trade-show and ICP query data. Store LENSMOR_API_KEY as a secret, avoid putting real keys directly into copied curl examples or shared logs, and review any related downstream skills before using handoffs for contact finding or outreach.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The example shows bearer-token usage in shell commands without any guidance on safe credential handling. Users may paste real API keys directly into commands, which can then be exposed through shell history, terminal logs, screenshots, or shared documentation; while the token shown is a placeholder, the omission still creates a realistic credential-leak risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal