数据分析技能包

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward data analysis skill that fetches user-specified data, cleans it, creates charts, and writes reports locally.

Use this with authorized data sources only. Avoid hardcoding real tokens or database passwords, prefer environment variables or a secret manager, review generated reports before sharing, and be cautious with PDF export because it calls an external command.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill encourages collection from websites, APIs, and databases and exporting reports, but provides no warning about handling sensitive data, API tokens, database credentials, or where output files are written. In practice, users may supply secrets or personal/business data and unintentionally expose them through logs, generated reports, or insecure local storage.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal