Csv Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local CSV command-line tool; the main thing to watch is that output options can overwrite files.

Install this only if you want a local Python CSV helper. Use it on files you intend to process, avoid unnecessary sensitive datasets, and double-check any -o/--output path so you do not overwrite an important file.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill advertises and demonstrates file read/write behavior but does not declare permissions, which weakens transparency and policy enforcement around filesystem access. In an agent environment, undeclared I/O capabilities can cause the skill to be invoked without adequate user awareness, increasing the risk of unintended data exposure or overwriting local files.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The documentation shows commands that write output files but does not warn about overwriting or data loss, which can lead users or agents to modify files unsafely. In a command-executing context, missing warnings around file output materially increase the chance of accidental destruction of user data, especially when reusing input/output filenames or existing paths.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal