Data Anonymizer

Security checks across malware telemetry and agentic risk

Overview

This is a data anonymization guide, but it needs review because its examples can expose sensitive data and irreversibly rewrite database records without enough safeguards.

Install only if you will use it on authorized datasets, preferably copied snapshots or non-production exports. Before adapting any SQL, confirm the database target, use least-privilege credentials, take a verified backup, preview affected rows, run in a transaction where possible, and avoid printing or pasting raw PII into chat, logs, or shell history.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill instructs scanning files, schemas, and likely production-derived data for PII without any safety guidance about minimizing exposure, obtaining authorization, or avoiding unnecessary disclosure in terminal output. In practice, these commands can surface real sensitive data directly into logs, chat context, screenshots, or shell history, increasing the risk of secondary data leakage during the anonymization process.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal