Open Data Integrator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed construction data-integration helper whose broad file and network permissions fit its stated purpose, with no evidence of hidden collection, persistence, or destructive behavior.

Install this if you are comfortable granting file and network access for construction data analysis. Provide only the project files and API keys needed for a specific task, use limited provider keys where possible, and review requested exports or external data sources before sharing sensitive business data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Natural-Language Policy Violations

Low
Confidence
84% confidence
Finding
The markdown includes a natural-language reference titled in Russian ("Доминирование открытых данных") alongside English content, but it does not indicate whether non-English material is optional, translated, or intended for a specific locale. Because the policy scope includes language/locale constraints across all file types, this can be read as imposing a language assumption without user opt-in.

External Transmission

Medium
Category
Data Exfiltration
Content
    def __init__(self, api_key: Optional[str] = None):
        self.api_key = api_key
        self.base_url = "https://api.openweathermap.org/data/2.5"

    def fetch(
        self,
Confidence
50% confidence
Finding
https://api.openweathermap.org/

VirusTotal

64/64 vendors flagged this skill as clean.
