KOL Profiler

Security checks across malware telemetry and agentic risk

Overview

This is a simple local KOL profiling skill with no evidence of hidden network access, credential use, persistence, or destructive behavior.

Install only if you are comfortable running a local Python script on publication data you choose. Treat any KOL profiling outputs as potentially sensitive business or healthcare-related analysis, and keep generated files in an appropriate workspace or delete them when no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Low

Confidence: 90% confidence
Finding: The skill explicitly states that output files are written to the workspace and includes an output path parameter, but it does not clearly warn users that generated files may persist and could contain sensitive or regulated profiling data. In a pharma/KOL context, even seemingly routine output can expose physician profiling, collaboration mappings, and analysis artifacts to unintended readers if persistence and storage location are not made explicit.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal