Windsor.ai Analytics

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a coherent Windsor.ai analytics integration, but users should understand that queries may involve external business-data access through Windsor.ai.

Install only if you intend your agent to use Windsor.ai for analytics questions. Use a scoped API key where possible, review which business systems are connected in Windsor.ai, and avoid asking broad analytics questions through this skill unless you are comfortable with those queries being handled by the Windsor.ai integration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 87% confidence
Finding
The skill auto-invokes for a very broad set of analytics-related requests spanning advertising, CRM, e-commerce, and attribution use cases, without explicit boundaries or consent language. This increases the chance the agent will route ordinary business questions into an external MCP that can access and transmit connected account data, even when the user did not clearly intend to use Windsor.ai.

Missing User Warnings

Medium, 94% confidence
Finding
The description explains functionality but does not clearly warn that natural-language queries will be sent to Windsor.ai and may access connected business, advertising, CRM, or commerce data. In a skill that interfaces with many sensitive business systems, lack of disclosure undermines informed user consent and can lead to unintended external data exposure.

VirusTotal

64/64 vendors flagged this skill as clean.
