Graph DB Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Neo4j graph database toolkit with normal database-write risks but no evidence of hidden or malicious behavior.

Install this only if you intend to work with Neo4j or Cypher. Use least-privileged database credentials, test or back up databases before destructive operations, and do not pass untrusted user input directly into labels, field names, WHERE clauses, or raw Cypher strings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 96%
Finding
This builder interpolates caller-controlled identifiers and query fragments directly into Cypher syntax, including labels, relationship types, variable names, WHERE conditions, RETURN fields, ORDER BY fields, and shortest-path labels/keys. Cypher parameters only protect values, not structural elements, so unvalidated identifiers can enable Cypher injection, query tampering, or unauthorized data access/modification if untrusted input reaches these methods.

VirusTotal

65/65 vendors flagged this skill as clean.
