Apache SeaTunnel 数据集成工具助手

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Apache SeaTunnel helper whose database and CDC examples fit its stated data-integration purpose, though users should harden credentials and permissions before using them.

Before installing or using this skill, treat its database credentials and hostnames as examples only. Use environment variables or a secrets manager, least-privilege database accounts, test environments or FakeSource first, and review CDC/sink configs carefully before running them against production data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill provides realistic database sync and CDC examples with hardcoded usernames/passwords and live data movement patterns, but does not warn users about secret handling, least-privilege accounts, masking sensitive data, or the risk of running these configurations against production systems. In an agent context, this can normalize insecure copy-paste behavior and increase the chance of credential exposure, unauthorized replication, or accidental writes to live databases and downstream systems.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal