Find API

Security checks across malware telemetry and agentic risk

Overview

No malicious behavior is evidenced; the main caveat is that broad trigger words may make the skill activate more often than intended.

Install if you want a helper for external data/API selection, but be aware it may activate on generic words. When it suggests fetching data or using an API, confirm the source and cost before proceeding.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list includes broad terms like "api", "reliable", "fetch", and "price", which are common in many unrelated user requests. This can cause the skill to activate unexpectedly and steer the agent toward external data access or package/API recommendations when they were not needed, increasing the chance of unnecessary network use and inappropriate workflow changes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal