Back to skill

Security audit

Auto Estimate Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent construction estimating helper; its local Excel export can overwrite a chosen file path, but that behavior matches its stated purpose and is not hidden or malicious.

Install if you trust the publisher and intend to use it with construction QTO, pricing, and estimate files. When exporting Excel reports, choose an explicit project output path and do not point it at existing files or sensitive system locations unless you are comfortable overwriting them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
91% confidence
Finding
This markdown file contains code that performs a file write via `pd.ExcelWriter(output_path)` and saves project estimate data, but the surrounding skill description does not warn users that running the export will create or overwrite a local file. Under the markdown-file criteria, behaviors affecting user data or system state should be disclosed.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.