Senior Data Scientist

Security checks across malware telemetry and agentic risk

Overview

This is a data-science guidance skill with template scripts and some broad deployment examples, but no hidden execution, persistence, credential handling, or exfiltration behavior was found.

Install this if you want data-science workflow guidance and boilerplate. Treat the scripts as templates, not validated production tools, and only run the Docker, Kubernetes, Helm, MLflow, or health-check commands in an environment where you understand the target and have explicit authorization.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium (84% confidence)

Finding
The skill broadens from analytics guidance into deployment and infrastructure operations such as Docker, Kubernetes, Helm, and operational log access. In an agent setting, this scope expansion can cause the agent to take high-impact actions outside the user's expected data-science context, increasing the risk of unauthorized deployment changes or production interaction.

Context-Inappropriate Capability

Medium (88% confidence)

Finding
Including Kubernetes, Helm, and Docker commands in a data-science skill creates an unjustified operational capability that could be invoked by an agent during normal analytics workflows. Because these commands can build images, inspect running services, and modify cluster state, they materially increase the blast radius if the skill is misused or overtrusted.

VirusTotal

66/66 vendors flagged this skill as clean.