Portal
Security checks across malware telemetry and agentic risk
Overview
Portal is a coherent live-demo skill, but it can save authenticated browser sessions and upload local project files to a cloud service without enough containment guidance.
Review carefully before installing. Use disposable or least-privilege demo accounts, avoid production admin sessions, remove secrets such as .env files and credentials before uploading local projects, and verify the separate portal plugin before trusting it with private sites or source code.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.