Back to skill

Security audit

RouterBase Model Routing

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation-style RouterBase model selection helper that makes expected authenticated catalog and pricing API calls, with no executable install or persistence behavior.

Installers should be comfortable with the agent using their own RouterBase API key to make authenticated requests to RouterBase for model and pricing information. Review organizational secret-handling rules before running the curl examples, and avoid using credentials from accounts you do not control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
77% confidence
Finding
This markdown file includes curl examples that send a bearer token from the `ROUTERBASE_API_KEY` environment variable to an external service. While the examples are straightforward, the document does not explicitly warn readers that it transmits credentials to a remote endpoint or that valid credentials are required.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.