Back to skill

Security audit

SQL Database Toolkit

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate SQL toolkit, but it needs Review because it can modify databases and can print password-bearing connection strings without enough safeguards.

Install only if you are comfortable letting an agent run SQL against databases you specify. Prefer read-only or least-privilege credentials, review every write/migration/restore command before it runs, avoid production unless explicitly intended, and keep exports/backups out of shared folders and source control. Do not use password-bearing connection strings in transcripts or logs until the schema tool redacts them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly advertises INSERT/UPDATE/DELETE, migrations, backups, and restore operations but provides no warning that these actions can modify or destroy data. In an agent setting, normalizing destructive operations without confirmation or safety guidance increases the chance of accidental data loss or misuse against connected databases.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The export and backup examples show writing database contents to files and directories without warning about sensitive data exposure, local filesystem impact, or retention risks. This can lead users or agents to exfiltrate regulated data into insecure CSV/JSON files or create dumps in unsafe locations.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The PostgreSQL path includes the full user-supplied connection string in output via `output = [f"Connection: {conn_str}"]`. Connection URIs commonly embed usernames, passwords, hosts, and database names, so printing them can leak secrets to terminal history, logs, CI output, or other downstream consumers. In a schema-inspection skill, this is somewhat more dangerous because diagnostic tools are often run in shared operational environments where output is routinely captured.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.