Python Flow Engine

Security checks across malware telemetry and agentic risk

Overview

This is a small local Python pipeline helper with demo code and no evidence of hidden data access, persistence, or unsafe behavior.

Safe to install for Python pipeline examples. Be aware that its generic trigger terms may make it appear for some unrelated workflow or pipeline questions, so use it when you specifically want this local Python flow-engine pattern.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The manifest description includes very broad trigger terms such as "pipeline," "workflow," "ETL," and "process chain," which can match many ordinary user requests and cause the skill to activate outside a narrow intended scope. Over-broad routing increases the chance that unrelated tasks are handled by this skill, potentially exposing users to unintended code-generation or execution guidance in contexts where a more appropriate skill should respond.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal