Back to skill

Security audit

Data Model Designer

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent construction data-modeling helper, with normal caution needed for local file access and generated SQL drafts.

Install only if you are comfortable granting filesystem access for the project files and export paths you choose. Review and validate generated SQL identifiers before running the DDL against any real database, especially when names come from untrusted files or user input.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The manifest says this skill is for designing data models, including ER diagrams, schemas, and database structures. However, the instructions position it as a broader construction data processing and analytics assistant and explicitly describe generating documents or reports with summary statistics and findings, which exceeds the stated data-model-design scope.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.