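Use this Skill when the user wants to "automatically optimize indexes from CREATE TABLE statements plus slow SQL"; it supports MySQL, Oracle, and PostgreSQL. The script is written in Python: it automatically parses the DDL and the WHERE/JOIN/ORDER BY columns in the slow SQL, generates candidate indexes and the CREATE INDEX statements for the corresponding database, and writes the output to a file.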

Security checks across malware telemetry and agentic risk

Overview

This skill is a local SQL index suggestion tool that reads user-provided SQL files and writes a report, with no evidence of hidden access or network behavior.

Install if you are comfortable letting it read the DDL and slow-query files you point it at and write an output report. Use a project workspace, choose the output path carefully to avoid overwriting important files, and review generated CREATE INDEX statements before using them on a production database.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill instructs the agent to read user-supplied input files and write generated output files, but it declares no permissions. That mismatch can bypass user/admin expectations and reduce policy enforcement around filesystem access, which matters because both input and output paths are externally provided and could expose sensitive files or overwrite unintended locations.

VirusTotal

67/67 vendors flagged this skill as clean.
