数据库助手 (Database Helper)

Security checks across malware telemetry and agentic risk

Overview

This database helper is a coherent SQL/SQLite coding aid, but users should treat its write, delete, import, and export examples as operations that can change or expose data.

Install only if you want a coding assistant for SQL/database tasks. Review generated queries before running them, use backups for real databases, and be careful with CSV exports because they may write sensitive table contents to local files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 95% confidence
Finding
The activation keywords are very broad (e.g., '数据库', 'SQL', 'database', '查询'), making accidental invocation likely during ordinary conversation. In a skill that can build queries, modify schema, and import/export data, unintended activation increases the chance of destructive or privacy-impacting actions being triggered without clear user intent.

Missing User Warnings

Medium, 92% confidence
Finding
The skill advertises schema management and data import/export capabilities without warning that these operations can alter, overwrite, delete, or exfiltrate data. Given the included code supports CREATE TABLE, DELETE, CSV import/export, and arbitrary query execution, users may invoke risky operations without understanding the modification and disclosure consequences.

VirusTotal

66/66 vendors flagged this skill as clean.
