Security audit

Mini Analysis Column

Security checks across malware telemetry and agentic risk

Overview

This skill is a small local CSV analysis helper with no evidence of hidden access, persistence, or unsafe behavior.

Install this only if you want a simple local helper for numeric CSV column statistics. Be aware it may activate on broad CSV-review wording, and avoid using debug mode on sensitive files because it prints the CSV shape and first rows.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger phrase '帮我看看csv文件的表现' is broad enough to match ordinary user requests and may cause unintended invocation of the skill outside a clearly scoped analytical workflow. Overbroad triggers can hijack benign conversations, leading to incorrect tool selection, unexpected file handling, or accidental exposure of local data to the skill's processing path.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal