Fulcra Onboarding

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it silently installs software, handles authentication, reads and writes Fulcra data, and creates files without enough user-facing consent or scoping.

Install only if you are comfortable with an agent authenticating to Fulcra, creating schemas, sending your first data point to Fulcra, retrieving records for a dashboard, writing a local HTML file, and potentially installing uv. Before using it, require the agent to ask before any install, login, token use, API POST, data retrieval, or file creation, and avoid entering sensitive personal data during onboarding.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding: The skill directs the agent to silently execute local CLI commands to enumerate data types and fetch records. Even if intended for a legitimate demo, command execution against user data increases risk because it performs non-transparent data access and could be repurposed to retrieve broader data than the user expects if identifiers or time ranges are chosen loosely.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: The skill description is broad enough that an agent may invoke it in contexts beyond explicit onboarding, increasing the chance of unintended execution. In this skill, unintended activation is more concerning because the workflow includes authentication handling, creation of data schemas, recording user data, and a silent dependency installation step, all of which can trigger side effects without the user clearly requesting them.

Missing User Warnings

Severity: High
Confidence: 97%
Finding: The workflow instructs the agent to 'silently verify and install uv if necessary' without warning the user or obtaining consent. Silent installation of software is a high-risk side effect because it modifies the environment unexpectedly, may violate user expectations or system policy, and is especially dangerous in an onboarding skill that may be auto-invoked or treated as low risk.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The skill instructs users to fetch a fresh access token and immediately place it into shell variables and Authorization headers, but provides no warning about protecting the token from terminal logging, shell history capture, process inspection, or accidental copy/paste into shared environments. While using a bearer token is expected for this API workflow, the omission of credential-handling guidance increases the chance of token exposure during onboarding, especially for less experienced users.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The instruction to 'silently run' data-retrieval commands removes transparency around access to the user's recorded Fulcra data. This is dangerous because it normalizes undisclosed inspection of personal or sensitive records during onboarding, undermining informed consent even when the data is used for a legitimate visualization.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The skill requires writing an HTML file locally but does not clearly warn the user beforehand that a workspace file will be created. While low severity, undisclosed local file creation can surprise users, create persistence they did not expect, and set a bad precedent for silent agent-side modifications to the filesystem.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The skill directs the agent to silently run authentication-state checks and potentially initiate an auth login flow that outputs a URL and device code, without clearly disclosing this behavior in the skill description or obtaining user consent first. In an agentic environment, hidden execution of auth-related commands can surprise users, expose sensitive login artifacts in chat, and normalize unsafe credential-flow handling.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The skill instructs the agent to automatically install software by executing shell and PowerShell commands without explicit user confirmation. This is dangerous because it permits unattended execution of privileged system changes, and the Windows path further uses an execution-policy bypass plus direct script execution, increasing the chance of silent compromise or unsafe environment modification.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding: The document instructs onboarding users or agents to send annotation data to an external API but does not include any warning, consent step, or data-handling guidance. In an onboarding context, users may provide personal or behavioral data without understanding that it is being transmitted off-host, creating privacy and compliance risk.

VirusTotal

VirusTotal findings are pending for this skill version.