Back to skill

Security audit

dbdoctor-tools

Security checks across malware telemetry and agentic risk

Overview

The skill matches its DBdoctor administration purpose, but it handles database authority and credentials with weak transport and execution safeguards that require review before installation.

Install only in a trusted, isolated environment and only if you need DBdoctor administrative access. Use HTTPS on a trusted network, prefer least-privilege DBdoctor and database accounts, protect or delete .token_cache, avoid putting database passwords in shell history, and require explicit human approval before running execute_sql or manage_instance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The code stores the auth token in a local cache file in the project directory without setting restrictive file permissions, encryption, expiry handling, or user notice. Any local user, process, backup system, or accidental repository inclusion could expose the token and allow session hijacking.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The login code transmits credentials to a remote endpoint and simultaneously disables TLS certificate verification with verify=False. If the configured base URL is intercepted or redirected, an attacker performing man-in-the-middle interception could capture credentials or tokens despite the password being AES-encrypted at the application layer.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The email verification flow sends the user's email address to a remote endpoint and, elsewhere in the same flow, submits the verification code back to the service, yet there is no clear disclosure and TLS verification is disabled. In this agent skill context, the code handles real account authentication, so silent transmission of identity and login factors is more sensitive than generic telemetry.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guideline explicitly instructs collection of database access address, port, account, and password for instance management, but provides no safeguards for secret handling, minimization, masking, or safer alternatives. In an agent skill context, this can normalize requesting plaintext credentials from users and increase the risk of credential exposure in chat logs, tool traces, analytics systems, or downstream integrations.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This script directly forwards arbitrary SQL to a remote execution endpoint and exposes it as a CLI operation without any interactive confirmation, policy guardrails, or enforcement of read-only behavior. In the context of an agent skill, that makes destructive statements such as DROP, DELETE, TRUNCATE, ALTER, or privilege-changing SQL easy to execute against real databases, increasing the risk of accidental or unauthorized data loss.

Unsafe Defaults

Medium
Category
Tool Misuse
Content
"""
    url = f"{config.base_url}{path}"
    token = get_token()
    resp = _requests.get(url, params=params, headers=_build_headers(token), verify=False, timeout=30)

    # Refresh and retry once when token expires
    if _is_auth_failure(resp):
Confidence
99% confidence
Finding
verify=False

Unsafe Defaults

Medium
Category
Tool Misuse
Content
if _is_auth_failure(resp):
        print("Token expired. Re-authentication required...", file=sys.stderr)
        token = refresh_token()
        resp = _requests.get(url, params=params, headers=_build_headers(token), verify=False, timeout=30)

    resp.raise_for_status()
    return resp.json()
Confidence
99% confidence
Finding
verify=False

Unsafe Defaults

Medium
Category
Tool Misuse
Content
"""
    url = f"{config.base_url}{path}"
    token = get_token()
    resp = _requests.post(url, params=params, json=json_body, headers=_build_headers(token), verify=False, timeout=30)

    # Refresh and retry once when token expires
    if _is_auth_failure(resp):
Confidence
99% confidence
Finding
verify=False

Unsafe Defaults

Medium
Category
Tool Misuse
Content
if _is_auth_failure(resp):
        print("Token expired. Re-authentication required...", file=sys.stderr)
        token = refresh_token()
        resp = _requests.post(url, params=params, json=json_body, headers=_build_headers(token), verify=False, timeout=30)

    resp.raise_for_status()
    return resp.json()
Confidence
99% confidence
Finding
verify=False

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.