Geo Ip

Security checks across malware telemetry and agentic risk

Overview

This is a simple IP location lookup skill, with the main consideration being that queried IP addresses go to ipinfo.io.

Safe to install for ordinary IP lookups. Avoid querying sensitive internal, customer, or confidential IP addresses unless you are comfortable sending them to ipinfo.io.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill sends user-supplied IP addresses to the external ipinfo.io service but does not clearly warn users that their input will be transmitted to a third party. IP addresses can be sensitive personal or infrastructure information, so this omission can lead to unintended data disclosure and privacy or operational risks.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal