Huoban

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Huoban low-code assistant whose API and webhook examples are relevant to its stated purpose, though users should handle tokens and delete operations carefully.

Install only if you want the agent to help with Huoban setup and integrations. Keep API tokens out of code, use scoped tokens where possible, verify webhook endpoints, and require explicit confirmation before running update or delete API operations on business records.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill includes API token authentication examples and webhook/API integrations but does not warn users about secure credential storage, token scoping/rotation, or the privacy implications of transmitting business data to external services. In a low-code automation context, users may copy these examples directly and expose sensitive records, tokens, or internal workflow data to third-party endpoints without realizing the security consequences.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal