Url Shorten

Security checks across malware telemetry and agentic risk

Overview

This is a simple URL-shortening skill that sends URLs you choose to TinyURL or Bitly, with no hidden install or persistence behavior found.

Install is reasonable for ordinary URL shortening. Do not shorten sensitive internal links, password-reset links, pre-signed URLs, invite links, or URLs with secrets in query parameters; only set BITLY_TOKEN when you intend the skill to use your Bitly account.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill documentation tells users to submit arbitrary URLs to TinyURL or Bitly but does not clearly disclose that those URLs are transmitted to third-party services. This can expose sensitive internal links, pre-signed URLs, tokens embedded in query strings, or private resources to external providers, creating an avoidable data leakage risk.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal