Wolfram Alpha (LLM API)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Wolfram Alpha API helper that sends chosen queries to Wolfram and caches results locally, with no hidden or destructive behavior found.

Install only if you are comfortable sending selected queries and any optional location/context fields to Wolfram Alpha. Avoid secrets, private business data, or unnecessary location details in queries, use --cache off for sensitive requests, and prefer the default bearer authentication over query authentication.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: This wrapper can send sensitive user inputs and optional location fields to a third-party service and then persist the full response locally without a clear runtime warning or consent mechanism. In agent settings, queries may contain personal, proprietary, or contextual data, so silent transmission and disk retention increase privacy and data-handling risk beyond what a user may reasonably expect.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal