MongoDB

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only MongoDB skill with expected database guidance and no hidden execution or persistence behavior found.

Reasonable to install as MongoDB reference material. Before allowing an agent to run MongoDB commands, especially $out, $merge, index changes, deletes, updates, or production configuration changes, confirm the target database and use staging or backups for important data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 89%
Finding
This markdown file documents `$out` as replacing the target collection and notes that it is destructive, but it does not explicitly warn users to confirm the target collection or back up data before use. Because markdown files should disclose behaviors that can affect user data or system integrity, this omission is worth flagging.

VirusTotal

63/63 vendors flagged this skill as clean.
