Knowledge Graph - Neo4j Integration

Security checks across malware telemetry and agentic risk

Overview

This skill is a Neo4j database helper, but its included connector claims successful production database operations while only simulating them.

Review this skill carefully before installing. It does not appear to steal data or run hidden code, but do not rely on its Python connector for real Neo4j production work until it is replaced with an actual Neo4j driver implementation and destructive query examples are handled with explicit safeguards.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: The module presents itself as a production Neo4j integration and prints readiness/success messages, but it never establishes a real database connection and only simulates operations. This is dangerous because downstream agents or operators may trust that persistence, transactions, and graph updates occurred when in fact no real database state changed, causing silent integrity and workflow failures.

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The execute_query API claims to execute arbitrary Cypher, but it only classifies query text and returns canned results. In an agent skill, this can mislead higher-level automation into making security-relevant or business-critical decisions based on fabricated database responses rather than actual query outcomes.

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The transaction methods only mutate local status flags and do not create, commit, or roll back database transactions. This can create a false guarantee of atomicity, leading callers to believe sensitive write sequences are protected when partial failures or inconsistent state would occur in a real deployment.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The documentation includes destructive Cypher operations such as DELETE without any explicit warning about irreversible data modification. In an integration skill for a live database, users may copy and run examples against production or shared environments, causing unintended data loss.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal