Env Loader
Security checks across malware telemetry and agentic risk
Overview
This is a small local .env-loading guidance skill with no bundled executable code or evidence of hidden behavior.
Before installing, understand that this version appears to provide instructions only; the mentioned scripts are missing. Use it only in projects where you are comfortable letting the agent inspect .env files, and review any generated load-env.sh before using it in deployment.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
VirusTotal findings are pending for this skill version.