Back to skill

Security audit

Link Checker

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it checks links over the network and keeps local link-checking history, with privacy cautions for sensitive URLs.

Install if you are comfortable with checked URLs being contacted and full URLs being saved locally under ~/.link-checker. Avoid scanning private files, internal endpoints, or URLs containing tokens unless that exposure is acceptable, and delete local history or exports afterward when needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill causes outbound requests to user-supplied URLs and stores URL/history data under `~/.link-checker/`, but the top-level description does not prominently warn about either behavior. This can lead to unintended SSRF-style access to internal endpoints, privacy leakage from checked URLs, and persistent local storage of sensitive targets or tokens embedded in URLs.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script performs outbound HTTP requests for any URL supplied directly by the user or extracted from a file, and it also persists those URLs to results/history logs under the user's home directory. In an agent context, this creates SSRF-style risk against internal services and can leak sensitive URLs, tokens, or internal hostnames through local logs without any explicit warning, consent gate, or scope restriction.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.