智慧物流指挥官

Security checks across malware telemetry and agentic risk

Overview

This supply-chain skill appears to be a normal business planning and calculator guide with no hidden access, persistence, or unsafe behavior evident.

Reasonable to install if you need supply-chain planning support. Treat supplier names, pricing, inventory levels, shipment details, and customer/location data as confidential when using it, and avoid pasting unnecessary sensitive or regulated business data into chats or tools.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 86% confidence
Finding: The skill is designed to analyze logistics and supply-chain operations, which commonly involve sensitive business data such as shipment details, supplier performance, inventory levels, customer locations, and operational exceptions. Omitting any privacy or data-handling warning can lead users to input sensitive operational data without understanding retention, sharing, or minimization expectations, increasing the risk of confidentiality and compliance issues.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal