multi-source-data-cleaner-pro

Security checks across malware telemetry and agentic risk

Overview

This local data-cleaning skill is mostly coherent, but it can save personal data in output and audit files even when users may expect masking.

Review before installing if you will process customer, employee, medical, financial, or other sensitive datasets. Use a protected output directory, avoid `--pii-policy=keep` unless you have explicit authorization, and inspect or delete audit files such as `audit/per_source_profile.json` because they may contain raw sample values.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The pipeline persists both cleaned output and audit/profile artifacts to disk by default, and the CLI allows `--pii-policy=keep`, which can store raw personal data without any explicit warning, consent check, or safer default for persistence. In a data-cleaning skill that processes heterogeneous user-supplied datasets, this increases the chance of accidental retention of sensitive records on local storage, backup systems, or shared workspaces.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal