Back to skill

Security audit

db-bridge

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about being a database bridge, but it encourages direct database writes and deletes without enough guardrails.

Install only if you intend agents to operate on the configured database through sql-linker and you trust sql-linker's permissions. Use read-only mode by default where possible, require explicit approval before UPDATE or DELETE, preview affected rows first, keep audit identity accurate, and prefer parameterized APIs over raw CLI WHERE clauses.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill is presented as a constrained table-metadata bridge, but the documented workflow explicitly encourages running arbitrary SQL such as SHOW TABLES, DESC, and SELECT * directly through sql-linker. That mismatch weakens trust boundaries: operators may assume whitelist-based safety while the interface actually exposes broader database introspection and likely a larger attack surface than advertised.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The security section claims all queries use parameterized %s placeholders and tuples, but multiple examples use raw SQL strings and inline where clauses like "supplier_code = 'HW001'". This inconsistency can normalize unsafe query construction and may lead users or downstream wrappers to pass attacker-controlled input into SQL, creating a realistic SQL injection path.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The skill documents direct INSERT, UPDATE, and DELETE execution as part of the normal fast path, but provides no explicit warning, confirmation step, or safeguard around destructive changes. In an agent setting, this increases the chance of accidental or unauthorized data modification, especially because the workflow emphasizes speed and running commands before reviewing documentation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.