Wine Cellar

Security checks across malware telemetry and agentic risk

Overview

This wine-cellar skill is a coherent local tracking tool; its main risk is that it stores personal wine, purchase, and consumption details in local JSON files.

Install only if you are comfortable keeping wine inventory, pricing, and possible consumption/social-event details in local JSON files inside the skill directory. Treat those files as personal data: back them up if needed, delete them when no longer wanted, and avoid recording fields like people present or detailed spending if you do not want that history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill stores privacy-sensitive consumption and purchase history, including dates, occasions, people present, and pricing, in local JSON files without any warning about persistence, sensitivity, retention, or access controls. Even though this is a personal wine-management context, the collected data can reveal behavioral patterns, social relationships, spending habits, and inventory value, making accidental exposure or misuse plausible.

VirusTotal

63/63 vendors flagged this skill as clean.
