Back to skill

Security audit

test-asdasdasd

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do document field extraction as described, but it can upload local and sensitive documents to remote DPA services over plain HTTP without a strong consent or retention explanation.

Review before installing if you may process confidential documents. Use only approved DPA endpoints, prefer HTTPS overrides, and confirm who controls the service and how uploaded files, task IDs, and extracted results are retained or deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly allows `document_url` to be a local file path and states that local files will be uploaded to a remote file service, but it does not present this as a clear user-facing warning or consent boundary. This creates a real data exfiltration risk because users may reasonably believe processing is local when sensitive documents are instead transmitted off-host.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation lists plaintext HTTP endpoints for upload and document processing but does not clearly warn that full document contents and extracted metadata will be transmitted to those remote services. This is dangerous because sensitive business, financial, or contractual documents and their extracted fields could be intercepted in transit or disclosed to infrastructure operators without informed user consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.