仓配网络优化器

Security checks across malware telemetry and agentic risk

Overview

This skill is a local DuckDB data-analysis helper whose file reads, exports, and optional database persistence fit its stated purpose, with a minor overwrite-risk caution.

Install if you want local DuckDB-based analysis of your own data files. Use explicit output filenames or a dedicated output folder, and avoid reusing names like result.xlsx or analysis.duckdb unless you are comfortable replacing existing files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Low

Confidence: 82% confidence
Finding: The documentation instructs users to generate `result.xlsx` and other outputs but does not warn that existing files may be overwritten or modified. In a skill with write capability, this can lead to accidental loss of user data, especially if users reuse filenames or run commands in directories containing important spreadsheets.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal