Back to skill

Security audit

Dfw Content Calendar

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent LLM-backed social content calendar generator, with expected API use but limited privacy notice around remote model fallback.

Install if you are comfortable with an Anthropic-backed content generator. Use --demo or LLM_BACKEND=local for testing or sensitive campaign details, and avoid putting confidential customer, campaign, or performance data into prompts unless you intend it to be sent to the selected model backend.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill encourages users to upload past engagement results and tracker data into an API-backed workflow without clearly warning that these files may contain sensitive business analytics, campaign performance, or customer-derived operational data. In context, the skill requires ANTHROPIC_API_KEY and explicitly processes prior results, so users may unknowingly transmit commercially sensitive information to an external model provider.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
When local inference is unavailable, the tool silently falls back to Anthropic and sends user-supplied `niche` and `audience` content to an external provider. This creates an unannounced data-transfer/privacy risk, especially if users assume operation is fully local based on the tool description or environment settings.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.