Back to skill

Security audit

Dataset Finder

Security checks across malware telemetry and agentic risk

Overview

Dataset Finder behaves like a normal dataset search, download, preview, and documentation tool, with expected network, credential, and local-file risks.

Install in a virtual environment, keep Kaggle and Hugging Face tokens out of source control and logs, download into a dedicated project directory, keep dependencies updated or locked to patched versions, and review preview/data-card outputs before sharing because they may include raw sample rows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly instructs users to perform network operations against Kaggle, Hugging Face, UCI, and Data.gov and to write downloaded files, generated reports, and converted datasets to local storage, yet no permissions are declared. This weakens user and platform visibility into sensitive capabilities and can lead to unexpected data transfer or filesystem modification when the skill is activated.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger text is broad enough to activate on ordinary discussions about datasets, repositories, or ML data discovery, even when the user did not ask for downloading or file operations. Over-broad activation can cause an agent to invoke a network- and file-capable skill in contexts where the user only wanted advice, increasing the chance of unintended remote access or local writes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill prominently describes convenience features but does not clearly warn that it will fetch untrusted remote data and write files such as datasets, reports, and converted outputs to disk. In this context, that omission matters because dataset downloads can be large, sensitive, malformed, or unexpectedly numerous, and local writes may overwrite or clutter user storage without informed consent.

Known Vulnerable Dependency: requests==2.31.0 — 5 advisory(ies): CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi); CVE-2026-25645 (Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility func) +2 more

Medium
Category
Supply Chain
Confidence
91% confidence
Finding
requests==2.31.0

Known Vulnerable Dependency: lxml==4.9.0 — 4 advisory(ies): CVE-2026-41066 (lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to); CVE-2022-2309 (lxml NULL Pointer Dereference allows attackers to cause a denial of service); CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of service (or appli) +1 more

High
Category
Supply Chain
Confidence
95% confidence
Finding
lxml==4.9.0

Known Vulnerable Dependency: pyarrow==13.0.0 — 3 advisory(ies): CVE-2023-47248 (PyArrow: Arbitrary code execution when loading a malicious data file); CVE-2023-47248 (Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions); CVE-2024-52338 (Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow)

Critical
Category
Supply Chain
Confidence
98% confidence
Finding
pyarrow==13.0.0

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.