Gateway Monitor
Security checks across malware telemetry and agentic risk
Overview
This skill’s monitoring purpose is clear, but it requires unreviewed external server code to control local Gateway services and configuration.
Install only after reviewing and pinning the external gateway-monitor repository code, especially server.js and the launchd plist. Keep the dashboard bound to 127.0.0.1, do not expose its port, use least-privileged API keys, and treat restore/restart/stop controls as actions that can change or interrupt your local Gateway services.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.