saltshaer
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed Google Workspace CLI helper, but it can access and change real Google account data after OAuth setup.
Install only if you trust the external gog CLI and are comfortable granting OAuth access to the Google services you enable. Review the OAuth consent scopes, use the minimum account and services needed, and explicitly confirm before sending mail, creating events, or updating, appending, or clearing Sheets data.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.