daily-scan

Security checks across malware telemetry and agentic risk

Overview

This is a local document-scanning skill that saves searchable PDFs for later retrieval, with no evidence of hidden upload, credential access, or unrelated file access.

Install only if you are comfortable with scanned document outputs being kept locally under daily-scan-storage for later lookup. Avoid scanning highly sensitive records unless you control local file permissions and have a retention/deletion process. VirusTotal is still pending, but static scan and artifact review did not show exfiltration, destructive behavior, or credential handling.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill stores original document photos, OCR text, and searchable PDFs locally for later retrieval, but the user-facing description does not clearly warn about retention of potentially sensitive document contents. This is dangerous because users may submit IDs, bills, contracts, or medical records without informed consent about persistent local storage and future searchability.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal