Back to skill

Security audit

Data Analysis Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed ChartGen-backed data analysis tool, but users should treat uploaded datasets as leaving their machine.

Install only if you are comfortable sending selected spreadsheets, CSVs, or JSON data to chartgen.ai. Use a dedicated API key with credit limits, avoid confidential or regulated datasets unless your organization approves that vendor flow, and review generated HTML before sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation indicates use of environment variables, local file reads/writes, and outbound network access, yet no explicit permissions are declared. This creates a transparency and governance gap: users or platforms may invoke a skill that exfiltrates local data to a remote API and writes chart output without clear permission signaling. In this context, the danger is increased because the skill explicitly uploads user-provided datasets off-machine to a third-party service.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script writes an HTML file to disk whenever chart options are extracted, even if the user did not request file output. In an agent or automation context, undeclared local writes violate least surprise, can leave persistent artifacts containing potentially sensitive chart data, and may be abused to fill storage or create files in attacker-influenced locations when --output is supplied.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The documentation states HTML generation is optional, but the implementation always saves HTML once chart options are found. This mismatch is security-relevant because callers may assume a read/transform-only operation while the tool actually performs persistent local writes, increasing risk in sandboxed or privacy-sensitive workflows.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger keywords are generic terms such as "calculate," "statistics," and "plot," which can match many unrelated user requests and cause unintended invocation of a skill that reads files and sends data to a remote service. While not directly exploitable as code execution, accidental activation can still lead to unexpected data handling, credit consumption, or privacy exposure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code reads an arbitrary local file, base64-encodes its full contents, and sends it to a third-party API endpoint. In an agent skill context, this creates a real data exfiltration risk because users may not realize that local spreadsheet/CSV contents are leaving the host environment and being processed by an external service.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends the user's natural-language query and the supplied file or JSON data to ChartGenAPI, which is an external service, but there is no explicit runtime disclosure or consent step before transmission. This can expose sensitive spreadsheet or JSON contents to a third party unexpectedly, which is especially risky in a generic data-analysis skill where users may provide confidential business or personal data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script forwards the user-provided query and either a local file path's contents or parsed JSON data to ChartGenAPI.interpret(), which means potentially sensitive datasets are transmitted to an external service. In a data-analysis skill, users may reasonably provide proprietary, personal, or regulated data, so failing to clearly disclose off-box transmission creates a real confidentiality and compliance risk.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.