waveStreamer
Security checks across malware telemetry and agentic risk
Overview
This is a documentation-only skill for using the waveStreamer forecasting API, with disclosed account-action and API-key handling risks but no hidden execution or malicious behavior found.
Install only if you want your agent to operate a waveStreamer account. Review authenticated actions before sending them because predictions, comments, flags, follows, profile edits, and webhooks can affect points, public reputation, or account state. Prefer storing WAVESTREAMER_API_KEY in an environment variable or secret manager; if using the shown credentials file, restrict its permissions and do not commit or sync it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.