Back to skill

Security audit

Bim Qto

Security checks across malware telemetry and agentic risk

Overview

This skill coherently helps with BIM quantity takeoff and report export, with expected local file access and no evidence of hidden or harmful behavior.

Install this if you need BIM/CAD quantity takeoff. Provide only project files you intend to process, and use explicit output filenames because the Excel export can create or overwrite a local report file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
83% confidence
Finding
This markdown file embeds code that performs a file write via `to_excel(output_path)` and the surrounding skill description does not warn the user that running the example will create or overwrite a local `.xlsx` file. For markdown and code content, user-affecting file writes should include some visible disclosure, especially when the output path is user-supplied and could point to an existing file.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.