Back to skill

Security audit

CSV Validator & Cleaner / CSV验证与清洗器

Security checks across malware telemetry and agentic risk

Overview

This is a simple CSV-cleaning skill description with no executable installer or hidden behavior, though users should be careful because cleaning and deduplication can change data.

Before using it on important CSVs, work on a copy or choose an explicit output file, and verify whether the underlying command edits data in place. The reviewed artifact itself is only documentation and does not install or run code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises cleaning and duplicate-removal actions but does not clearly warn users that these operations can alter source data, drop rows, or overwrite generated outputs if used incautiously. In a data-cleaning context, omission of this warning increases the chance of accidental data loss or destructive processing, especially when users follow example commands directly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.