Data Extractor

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward data-parsing helper with no hidden execution, network behavior, credential use, or persistence.

Safe to install as a parsing helper. Only ask it to process logs, CSVs, JSON, or local files you actually want analyzed, since those inputs may contain personal, business, or confidential data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger phrases such as "extract data" and "clean data" are broad enough to match many ordinary requests, which can cause the skill to activate in contexts the user did not intend. In an agent environment, over-broad activation increases the chance that the skill processes sensitive content or local data unexpectedly, especially because the skill includes file-reading examples and aggressive parsing behavior.

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The skill includes examples that open local file paths for streaming and parsing, but the description does not warn that these actions may read local files. In a tool-using agent setting, this can normalize unsafe behavior and lead to accidental access to sensitive local data if a user request is ambiguous or if the skill is auto-invoked.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal