pgvector

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only pgvector guide with disclosed database examples and no hidden executable behavior.

Installing this skill is reasonable if you need pgvector reference workflows. Before running the examples, point them at your own dedicated database or schema, use a least-privilege PostgreSQL user, avoid empty passwords outside local development, and review write or delete statements before using them on real data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding: The description is broad enough to trigger on many generic AI, search, database, and retrieval-related requests, which can cause the wrong skill to be invoked in unrelated contexts. Over-broad routing increases the chance an agent exposes database-oriented guidance or connection details when a narrower, task-specific skill should have been selected.

Missing User Warnings

Medium
Confidence: 80%
Finding: Including a raw DELETE example without any warning, scoping guidance, or transactional safety can normalize destructive commands and lead users or agents to remove production data unintentionally. In a database skill, this is more dangerous because the skill also provides live connection details and operational commands, making accidental execution more plausible.

VirusTotal

61/61 vendors flagged this skill as clean.
