Security audit

Ingeniero de datos

Security checks across malware telemetry and agentic risk

Overview

This is a coherent data-engineering skill that generates and reviews pipeline artifacts, with some copy-paste safety cautions around generated commands and credential examples.

Install only if you are comfortable reviewing generated DAGs, SQL, shell commands, and quality reports before running them against real systems. Keep credentials out of generated code and docs, use secret managers or platform integrations, and avoid profiling sensitive production data unless report outputs are controlled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to read reference files and execute local Python scripts, which implies file read and likely file write capabilities, but no permissions are explicitly declared. This creates a trust and policy gap: consumers of the skill may not realize it can access local artifacts and generate outputs, increasing the risk of unintended file access or modification if the surrounding platform relies on declared permissions for enforcement or review.

Context-Inappropriate Capability

Medium
Confidence
85% confidence
Finding
The generator embeds user-controlled command text directly into BashOperator definitions, enabling creation of pipelines that execute arbitrary shell commands when deployed. In a data-engineering skill this is somewhat expected for orchestration tooling, but it still broadens capability from pipeline design into shell execution and can become dangerous if untrusted input is used to generate production DAGs.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The CDC connector example includes a plaintext database password directly in documentation. Even as an example, this normalizes unsafe secret handling and is likely to be copied into configs, source control, or shared environments, leading to credential leakage and unauthorized database access.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The Snowflake stage creation example embeds AWS credential fields directly in SQL, which encourages hardcoded cloud secrets in application code, notebooks, logs, and query history. If copied into real deployments, exposed keys could allow unauthorized S3 access, data exfiltration, or broader cloud compromise depending on IAM scope.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.