Content Keyword Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed keyword-tracking/reporting guide with optional webhook delivery, but users should treat keywords and generated reports as data that may leave their machine.

Install only if you are comfortable sending search queries to Tavily and, if configured, report contents to your webhook provider. Use non-sensitive keywords where possible, a dedicated Tavily key, a trusted HTTPS webhook endpoint, and verify the missing runtime implementation before trying to run `node index.js`.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill advertises webhook-based report delivery without an explicit warning that generated reports and tracked keyword results will be transmitted to a third-party endpoint. Because reports may contain sensitive research topics, internal monitoring interests, or other business-context data, users could unknowingly exfiltrate information outside their local environment.

VirusTotal

64/64 vendors flagged this skill as clean.
