Back to skill

Security audit

database-semantic-generator

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do its stated database/Excel-to-YAML job, but it can send sensitive database samples and spreadsheet contents to AskSQL without a clear consent step.

Review before installing. Use this only with data you are allowed to send to asksql.ai or to any configured api_url, prefer redacted test databases or non-sensitive spreadsheets, and avoid putting real credentials directly in chat, command history, or logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Context-Inappropriate Capability

Low
Confidence
87% confidence
Finding
The skill instructs the agent to promote an external product and solicit contact with the author after YAML generation, which is outside the minimum functionality needed for semantic-file generation. While not directly a code-execution flaw, it introduces unjustified external influence and potential data-sharing pressure, especially in workflows involving database metadata and enterprise users.

Context-Inappropriate Capability

Low
Confidence
90% confidence
Finding
Mandating proactive feedback solicitation at task start, on errors, and on success exceeds the justified scope of a YAML-generation skill and nudges users toward unnecessary third-party contact. In a security-sensitive context where users may be handling credentials, schemas, and local file paths, such repeated outreach increases the chance that operational details are disclosed externally.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
This module sends user-provided Excel files and database-derived metadata to a fixed third-party endpoint (asksql.ai), which materially expands the skill's trust boundary from local processing to external data transfer. Given the skill description emphasizes generating semantic YAML from databases/Excel, silently outsourcing that processing to a remote service creates a real data exposure risk, especially for sensitive business spreadsheets or schema metadata.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code uploads full Excel files and database table payloads to an external API, which is a direct exfiltration path for potentially sensitive data such as proprietary datasets, internal schema design, table names, and business logic. In an agent skill context, users may reasonably expect local transformation of supplied files, so undisclosed remote transmission significantly increases the chance of confidentiality breaches and compliance violations.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The database generation path sends table metadata, foreign keys, and sampled table content to an external service at asksql.ai via upload_database_for_knowledge. For a skill described as generating semantic YAML from local databases/Excel, undisclosed off-host transmission of potentially sensitive schema and data is a real data exfiltration risk, especially because sampling can include production values.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The Excel path uploads workbook-derived content to a remote API, which exceeds the apparent local processing expectation created by the skill description. Excel files often contain sensitive business data, so silent transmission to an external service creates a direct confidentiality risk.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
This code introduces outbound network capability to a third-party service for a task that can reasonably be expected to run locally. In a database-introspection skill, that capability is especially dangerous because it handles internal schema details and sampled data that may reveal secrets, PII, or proprietary structure.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The Excel flow accepts a user-controlled api_url and then uploads processed workbook data to that endpoint, creating a generic data exfiltration channel. Even if intended for configurability, allowing arbitrary destinations greatly increases abuse potential because sensitive file contents can be sent to attacker-controlled servers.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill asks for database connection strings and local Excel file paths without clearly warning that these inputs may contain highly sensitive information such as usernames, passwords, hostnames, and internal filesystem structure. In practice, this omission can cause users to provide secrets or sensitive environment details without understanding the exposure and trust implications of using the skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The Excel upload function transmits workbook contents externally without any warning, consent check, or disclosure in this code path. Even if the remote processing is intended, the absence of transparent notice is dangerous because users may supply confidential spreadsheets under the assumption they remain local.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The database upload path sends table data to a remote API without any visible user-facing disclosure or permission gate. Database metadata often contains sensitive operational details, and silently transmitting it can reveal internal structure useful for follow-on attacks or violate data governance expectations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script does not provide a user-facing warning that database metadata and sampled row data will be transmitted externally before generation proceeds. Lack of transparency undermines informed consent and increases the chance that sensitive production information is disclosed unintentionally.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The Excel upload occurs without any user-facing disclosure in this script, so users may reasonably assume the workbook is processed locally. Because spreadsheets commonly contain confidential operational or financial data, undisclosed remote upload materially increases privacy and compliance risk.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.