睿查得-企业信息查询

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent enterprise-information lookup tool, but users should handle its API key and raw company/person records carefully.

Install only if you trust the 睿查得 enterprise-information API. Avoid pasting real API keys into shared chats or logs, and review raw JSON results before forwarding them because they may include personal names, business identifiers, ownership details, or other sensitive fields.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill repeatedly instructs the agent to return raw JSON responses directly to the user without any filtering, review, or warning. Because the queried data includes sensitive enterprise-related categories such as shareholders, executives, legal representative links, and annual report details, raw passthrough can expose privacy-impacting fields, internal identifiers, or unexpected data returned by the upstream API.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal