Supply Chain Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward supply-chain analysis helper, but users should avoid sharing unnecessary sensitive business data.

Before installing or using it, treat sales, inventory, logistics, supplier, pricing, and customer-linked datasets as sensitive. Share only the minimum fields needed, redact personal data and confidential supplier terms where possible, and verify any optimization recommendations before applying them operationally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly instructs users to upload historical sales, inventory lists, and logistics network data, which commonly contain commercially sensitive information and may also include personal or partner data. Without any warning about data minimization, redaction, confidentiality, or handling requirements, users may disclose sensitive operational data to the system unnecessarily.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal