Privacy Policy

Security checks across malware telemetry and agentic risk

Overview

This appears to be a privacy-policy generator, but it also bundles an unrelated security-tool script that gives misleading results and stores user inputs locally.

Install only after reviewing which script your agent will execute. Treat generated privacy policies as draft templates requiring legal and operational review, and do not pass secrets, private file paths, or confidential compliance details to the bundled helper commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The script presents itself as a security scanning and hardening tool, but the implemented commands are largely informational placeholders that do not perform meaningful security validation or remediation. In a security context, this can create a dangerous false sense of protection, causing users or downstream agents to rely on nonexistent safeguards and miss real vulnerabilities.

Missing User Warnings

Medium
Confidence: 97%
Finding
The helper logs raw command arguments to a persistent history file without user disclosure or redaction. Because commands like check, encrypt, and hash may receive sensitive inputs such as secrets, file paths, or compliance-related data, this behavior can silently leak confidential information to local storage.

VirusTotal

66/66 vendors flagged this skill as clean.
