SaaS辅助决策助手

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent SaaS research-and-report generator that uses web research and local HTML output without hidden persistence or credential access.

Before installing, expect the skill to perform external web searches/fetches using the SaaS idea and market details you provide, then write a local HTML report. Avoid entering proprietary or confidential strategy, choose the output path deliberately, and treat the report’s financial estimates as advisory rather than verified business advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The workflow instructs the agent to perform WebSearch and WebFetch using the user's product idea, target market, and pain points, but the user-facing description does not warn that these inputs will be sent to external services. This creates a privacy and confidentiality risk because sensitive business concepts or internal strategy details could be disclosed to third-party search/fetch providers without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal