Data Analyzer Pro

Security checks across malware telemetry and agentic risk

Overview

This is a local data-analysis skill that reads user-chosen CSV or JSON files and can optionally save a JSON report, with no evidence of hidden network access, credential use, or destructive behavior.

Install only if you are comfortable with a local helper reading the CSV or JSON files you point it at. Do not analyze highly sensitive datasets unless you are also comfortable with the generated report being saved locally; specify a clear output filename and avoid reusing paths that might overwrite existing files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The activation phrase "统计" is extremely generic and likely to match many ordinary user requests about counting or summarizing, causing the skill to trigger outside its intended scope. In this skill, unintended activation is more concerning because the skill can load user-specified files and write analysis results to disk, so accidental invocation could lead to unanticipated file access or persistence.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The description advertises local persistence of results but does not clearly warn users that the skill writes files to disk. In context, the code supports arbitrary output paths via report(output), so users may unknowingly create persistent artifacts, overwrite files, or leave sensitive analysis results stored locally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal