Back to skill

Security audit

Api Quick Tester

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward API testing helper, but users should be careful with real credentials and production API endpoints.

Use this only for APIs you intend to test. Prefer test credentials or short-lived tokens, avoid putting real secrets directly in command lines, and double-check the URL and method before POST, PUT, PATCH, or DELETE requests. Treat response output as potentially sensitive, especially in terminals, CI logs, or shared sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The examples encourage passing Bearer tokens, Basic credentials, and API keys directly on the command line. Secrets supplied this way can be exposed via shell history, process listings, terminal logging, or CI logs, causing credential leakage to other local users or log consumers.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.