SQL to BI Builder

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local SQL-to-dashboard generator with normal prototype-service risks, but no evidence of hidden or malicious behavior.

Install only if you are comfortable running local Python scripts that write generated files, install packages, and start localhost demo services. Review generated service code before using sensitive SQL or business metadata, avoid exposing the backend beyond your machine, and vendor or pin CDN assets before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to read input files, write generated artifacts and services, execute shell commands, create virtual environments, install dependencies, and start backend/frontend services, yet it declares no permissions. This creates a capability-transparency gap: a caller or platform may treat the skill as low-risk while it can modify the filesystem, run commands, and expose networked services, increasing the chance of unintended execution or abuse.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script generates a fully runnable backend, frontend, and launcher scripts rather than only producing BI dashboard artifacts. That materially expands the skill's operational scope and attack surface by creating services that can be started, exposed, and interacted with, which is riskier than the stated purpose of converting SQL markdown into dashboard specifications/UI scaffolds.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The generated startup script creates a virtual environment, upgrades pip, installs dependencies from the network, and launches a server. This introduces package-install and execution side effects not obviously necessary for a file-conversion skill, creating supply-chain and unintended-execution risk if users run the generated scripts without understanding those consequences.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The optional --with-services mode expands the skill from generating a BI dashboard/UI scaffold into generating a backend/frontend service bundle, which exceeds the narrowly described manifest scope. This kind of scope expansion is dangerous because it can cause the agent to create executable service code and deployment-oriented artifacts that users and reviewers may not expect from a conversion-focused skill.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The startup script performs networked package installation and starts a listening application without any user-facing disclosure in the generated output itself. Even though the server binds to localhost, this can still surprise users and cause unnecessary package-fetching and code execution from external repositories.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal