Back to skill

Security audit

Deepvista Vistabase Card

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent DeepVista card-management helper with disclosed read and write operations and no evidence of hidden or unrelated behavior.

Install only if you trust the DeepVista CLI package and the required deepvista-shared auth/profile skill. Treat create, update, edit, delete, pin, and archive as real changes to your DeepVista knowledge base, and ask your agent to confirm before any write command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The helper commands `+pin` and `+archive` are write operations that change card state, but unlike the main CRUD write commands they do not explicitly instruct the agent to confirm with the user before execution. In an agent setting, inconsistent confirmation guidance increases the chance of unintended state changes from ambiguous prompts or autonomous action.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.