Back to skill

Security audit

kettle-sql-extractor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local tool for extracting and merging SQL from Kettle files, but its generated outputs and production-execution examples need careful handling.

Install and run this only in a controlled project workspace. Point it at specific Kettle files or directories, treat generated SQL and reports as sensitive, avoid committing reports accidentally, and manually review/test any generated executable SQL in a non-production database before considering production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The skill is presented primarily as a SQL extraction utility, but the documentation indicates materially broader behavior: structural SQL analysis, HTML/JSON report generation, executable SQL generation with transaction control, and unrelated verification scripts. This expands the attack surface and can cause users to grant trust or run outputs they did not expect, especially the generated executable SQL and extra artifacts that may expose sensitive schema or business logic.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The quickstart includes a recursive deletion command (`find ... -exec rm -rf`) that can remove many directories and is presented as routine cleanup without safeguards, warnings, or a safer alternative. In operational docs, users often copy-paste commands directly, so a destructive example can lead to accidental data loss, especially if the target path is mistyped, symlinked, or broader than expected.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation presents generated SQL as suitable for direct execution in production and gives a concrete execution example without a prominent requirement to review the SQL first. Because the tool extracts and merges statements from Kettle jobs, the output may include DDL/DML that alters schema or data, so encouraging direct production use can lead to destructive or irreversible changes.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This workflow explicitly normalizes generating executable SQL for a production job and then using it in a production environment, but it does not clearly require backup, review, change approval, or rollback preparation. If operators follow the example as written, they may run merged SQL that drops, truncates, updates, or recreates objects, causing outage or data loss.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The 'next steps' section encourages users to directly execute the generated SQL without pairing that recommendation with warnings about destructive database effects. In context, this is risky because the skill is specifically about extracting and merging SQL from ETL jobs, which commonly contain impactful schema and data operations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script persists extracted SQL, source file paths, and analysis metadata to disk in multiple files without any explicit consent, warning, redaction, or protection controls. In this skill's context, extracted SQL may contain business logic, credentials, schema details, or sensitive table names, so writing it by default increases the risk of accidental disclosure through shared workspaces, backups, logs, or source-controlled output directories.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The HTML report embeds file names, table names, output paths, and raw error text directly into a browsable artifact, expanding the exposure surface beyond machine-readable files. In this context, Kettle job names, schema names, and filesystem paths can reveal internal architecture, while unescaped error text or metadata can also create client-side content injection risk if hostile file names or error messages are present.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.