TDengine Setup

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned, but it can make persistent database-service changes that users should approve explicitly.

Before installing, review the exact commands, confirm the target machine, avoid running on production unless intended, and make sure you know how to stop, disable, and uninstall the database service. Use least-privilege credentials and backups for any real data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs users to download, install, and start a database service and to enable it at boot, but it does not clearly warn that these actions modify the host system, install software, and create persistent services. In an automation context, lack of explicit disclosure and confirmation increases the risk of unintended system changes and unsafe execution on production hosts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal