Back to skill

Security audit

sql-linker

Security checks across malware telemetry and agentic risk

Overview

This database skill has sensitive but disclosed database and credential behavior, with no evidence of hidden execution or exfiltration.

Install only for databases where agent-assisted CRUD is acceptable. Use a least-privileged database account, keep read_only enabled until writes are needed, enable explicit credential approval for sensitive environments, and review any generated set_env script before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Self-Modification

High
Category
Rogue Agent
Content
### English

On first use or when config files are missing, the system automatically generates default templates (idempotent, will not overwrite existing files):

> ⚠️ **Bootstrap auto-creates config**: On first use, config files (`config.yaml`, `audit_config.json`, etc.) are auto-created in `~/.sql_linker/`. Use `set_env.ps1` to set password to Windows env. `bootstrap()` is idempotent and won't overwrite existing files, but will create missing ones.
Confidence
84% confidence
Finding
overwrite existing file

Session Persistence

Medium
Category
Rogue Agent
Content
⚠️ **Linux/macOS Security Warning**: `set_env.sh` will modify `~/.bashrc` or `~/.zshrc` to persist the environment variable. Review the script content before running to understand the changes.

For full manual control, create these files before invoking the skill. `bootstrap()` is idempotent but prints a safety warning before creating files.

***
Confidence
92% confidence
Finding
create these files before invoking the skill. `bootstrap()` is idempotent but prints a safety warning before creating files. *** ## 密码来源优先级 ### 中文 `password` > `password_env` + `dbpw_key` > `passw

Session Persistence

Medium
Category
Rogue Agent
Content
### English

On first use or when config files are missing, the system automatically generates default templates (idempotent, will not overwrite existing files):

> ⚠️ **Bootstrap auto-creates config**: On first use, config files (`config.yaml`, `audit_config.json`, etc.) are auto-created in `~/.sql_linker/`. Use `set_env.ps1` to set password to Windows env. `bootstrap()` is idempotent and won't overwrite existing files, but will create missing ones.
Confidence
78% confidence
Finding
write existing files): > ⚠️ **Bootstrap auto-creates config**: On first use, config files (`config.yaml`, `audit_config.json`, etc.) are auto-created in `~/.sql_linker

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.