Encrypted File Reader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local file-reading helper, but any file it reads may be exposed to the AI session output.

Install only if you want an agent to read local files that you explicitly name. Avoid using it on credentials, secrets, private business documents, or broad filesystem paths unless you are comfortable with those contents being printed into the AI/tool output context.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The script prints the entire contents of any specified local file directly to stdout, which can expose sensitive data through terminal history, logs, pipelines, or higher-level agent output channels. In an agent-skill context, this is more dangerous than a normal CLI utility because the tool can be used to exfiltrate secrets from readable local files without any masking, confirmation, or path restrictions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal