Link Checker

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it checks links over the network and keeps local link-checking history, with privacy cautions for sensitive URLs.

Install if you are comfortable with checked URLs being contacted and full URLs being saved locally under ~/.link-checker. Avoid scanning private files, internal endpoints, or URLs containing tokens unless that exposure is acceptable, and delete local history or exports afterward when needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill causes outbound requests to user-supplied URLs and stores URL/history data under `~/.link-checker/`, but the top-level description does not prominently warn about either behavior. This can lead to unintended SSRF-style access to internal endpoints, privacy leakage from checked URLs, and persistent local storage of sensitive targets or tokens embedded in URLs.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script performs outbound HTTP requests for any URL supplied directly by the user or extracted from a file, and it also persists those URLs to results/history logs under the user's home directory. In an agent context, this creates SSRF-style risk against internal services and can leak sensitive URLs, tokens, or internal hostnames through local logs without any explicit warning, consent gate, or scope restriction.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal