Ptengine Heatmap Analyze

Security checks across malware telemetry and agentic risk

Overview

The skill’s heatmap-analysis purpose is coherent, but it needs review because it tells the agent to handle a Ptengine API key despite saying it does not.

Review before installing. Do not paste a Ptengine API key into the agent chat; configure ptengine-cli manually or through a secure credential prompt, use a least-privileged key if possible, and remember that heatmap queries may expose sensitive business analytics.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

High

Confidence: 98% confidence
Finding: The skill claims it never reads, writes, or transmits the API key itself, yet later instructs the agent to ask the user for the API key and invoke `ptengine-cli config set --api-key <KEY> ...`. That means the agent necessarily handles secret material in prompt/tool context, creating risk of credential exposure through logs, transcripts, command history, or downstream tool telemetry.

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The disclosure states `config.yaml` is read only by `ptengine-cli`, but the workflow explicitly tells the skill to check whether the file exists and contains `api_key:`. This is a direct contradiction that expands the skill's access to credential-adjacent filesystem data and weakens user trust about what the skill inspects.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal