Security audit

DomainAgentHub

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only task-routing skill whose delegation and tool recommendations are disclosed and aligned with its stated purpose.

Before installing, understand that this skill may route complex work to other agents and recommend or use external services if you configure them. Confirm before delegating sensitive financial, business, or personal tasks, and review any third-party provider’s privacy and cost terms separately.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly directs tasks to external financial data and search providers and even states that analysis has already used Tushare, but it does not require informing the user that task content, symbols, portfolio context, or queries may be sent to third-party services. This creates a real privacy and data-governance risk, especially for financial tasks where holdings or research intent may be sensitive.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal