sql-linker

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed database CRUD helper with audit and configuration persistence. The main scanner concern is stale examples; the runtime itself requires confirmation before bootstrap writes.

Install only where the agent is allowed to access the configured database. Keep database permissions narrow, leave read_only enabled unless writes are intended, enable require_explicit_credential_approval for shared or sensitive environments, and only run bootstrap with explicit confirmation after reviewing the files it will create.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding: The documentation states that version 1.2.3 requires `explicit_confirm=True` before bootstrap writes files, but the example still shows `db.bootstrap()` performing actual creation without that parameter. This contradiction can mislead an agent or developer into invoking persistent file creation unexpectedly in the user environment, undermining the stated safety control.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The example demonstrates real file creation but omits the newly required confirmation parameter and any user-facing approval step. In an agent skill, examples often become copy-paste execution paths, so this creates a practical risk of unauthorized local persistence and configuration side effects.

VirusTotal

64/64 vendors flagged this skill as clean.