Security audit

dingo data quality

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate fact-checking and evaluation skill, but it can send and save user content without clear enough consent and retention controls.

Install only if you are comfortable with articles, datasets, prompts, references, and retrieved context being sent to configured model/search providers and saved locally. Use local or rule-based modes for confidential data, restrict MCP file paths, choose a secure output directory, and delete generated artifacts when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly promotes LLM-based and fact-checking modes that send dataset content, prompts, references, and retrieved context to OpenAI-compatible APIs and external search providers, but it does not clearly warn users that their data may leave the local environment. This is dangerous because users may evaluate sensitive datasets under the false assumption that the tool is purely local, causing unintended disclosure of proprietary or regulated information.

Missing User Warnings

Medium
Confidence: 96%
Finding
The MCP server instructions enable agent-driven evaluation and file access, but they do not warn that a connected agent may read local files and send their contents to external model or search APIs during evaluation. In an agent integration context this is more dangerous, because remote or semi-autonomous invocation expands the chance of unintended access to sensitive local data and silent exfiltration.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation explicitly states that the tool saves the original article text plus extracted claims and verification details to disk, but provides no warning about potential storage of sensitive, copyrighted, or regulated user-submitted content. In a fact-checking skill, users may input unpublished drafts, internal reports, or personal data, so silent persistence increases the risk of local data exposure, over-retention, and accidental inclusion in logs, backups, or shared workspaces.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script sends article content to external LLM and optional search services during normal execution, but it does not provide an explicit runtime disclosure or consent prompt at the point where transmission occurs. In a skill context, users may supply sensitive local files for fact-checking, so silent exfiltration of file contents to third-party APIs creates a genuine privacy and data-handling risk even if this is expected functionality.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.