WebsiteMonitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed website-monitoring code guide; its recurring checks, local storage, and reports are expected for that purpose.

Use this skill only for websites or services you are authorized to monitor. Avoid internal, localhost, metadata-service, or sensitive private endpoints unless you deliberately intend to monitor them, store reports in a private directory, review the 5-minute interval and 90-day retention setting, and enable Docker or systemd persistence only when you want it running unattended.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill generates code for recurring network probes, local persistence, and HTML report generation without clearly warning about operational and security risks such as SSRF against internal URLs, monitoring of sensitive endpoints, report exposure, and long-running background execution. In this context, the skill directly encourages automated network activity and file generation, so missing safeguards materially increases the chance of unsafe deployment.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal