Back to skill

Security audit

MSA分析技能

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed MSA analysis guide that only contains instructions, with no packaged executable code or hidden behavior found.

Before installing, understand that this appears to be a benign analysis guide, but it references scripts and templates that are not included in the package. If you use or add those scripts later, validate spreadsheet inputs, avoid executing macros, sanitize user-derived fields before embedding them in HTML, and handle measurement data as potentially sensitive business data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
82% confidence
Finding
The skill instructs parsing uploaded Excel/CSV files and generating local HTML artifacts, but it does not warn about untrusted file handling, sensitive data exposure, or risks from opening generated reports. In a workflow that accepts user-supplied files and produces browser-opened output, missing safety guidance can lead to unsafe processing of malicious files, accidental retention of sensitive data, or opening reports that contain unsanitized content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.