Data Management Plan Creator

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local NIH data-management-plan draft generator with file-saving caveats but no evidence of hidden, destructive, or exfiltrating behavior.

Install only if you are comfortable storing draft grant and research details locally. Choose --output deliberately, avoid pointing it at existing important files, and run it in a private workspace if the plan contains sensitive project, investigator, or institutional information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 83%
Finding
The script always persists the generated plan to disk, even when the user may expect stdout-only behavior. Because the content can include researcher names, institution details, contact email, access restrictions, and potentially sensitive project descriptions, automatic file creation can leave unintended local artifacts, expose data to other users on the system, or violate user expectations around data handling.

VirusTotal

64/64 vendors flagged this skill as clean.
