Back to skill

Security audit

Data Quality Check

Security checks across malware telemetry and agentic risk

Overview

This is a coherent construction data quality skill that reads user-provided datasets and can optionally write local quality reports, with no evidence of hidden or destructive behavior.

Safe to install for its stated purpose. Before using it, review which construction files you provide and choose a trusted local output folder for generated Excel or CSV reports, since both inputs and reports may contain sensitive project data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Low
Confidence
84% confidence
Finding
The manifest description emphasizes assessment, validation, thresholds, and reporting, which reads primarily as analytical behavior. The code additionally persists reports to disk via ExcelWriter, which is a side effect beyond pure assessment and may be a broader operational capability than the description suggests.

Natural-Language Policy Violations

Low
Confidence
97% confidence
Finding
The markdown includes Russian book title and quoted guidance alongside English content, which creates a language/locale constraint in the skill instructions without any user opt-in or explanation that the skill is specifically intended for Russian-language users. This matches the policy category for language or locale violations in natural-language content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.