Api Debugger Cn

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Chinese API debugging reference, with normal API request and credential examples that require user care but do not show hidden or malicious behavior.

Install this as an API debugging reference, but treat its commands as templates. Before running PUT, PATCH, DELETE, upload, or authenticated requests, confirm the target URL and use a test environment when possible. Use least-privilege tokens, avoid secrets in shell history or query strings, and redact logs or screenshots.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill includes PUT/PATCH/DELETE examples that modify or delete remote resources but does not clearly warn users that these commands are state-changing and should not be run against production or real data. In an API debugging skill, users are likely to copy-paste examples directly, so omission of a safety warning materially increases the risk of accidental destructive actions.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The authentication examples show secrets in headers, Basic Auth credentials, and especially API keys in query parameters without a clear privacy warning. Users may paste real tokens into shell history, logs, screenshots, proxies, or URLs, causing inadvertent credential exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal