Back to skill

Security audit

Database Schema Designer / 数据库设计器

Security checks across malware telemetry and agentic risk

Overview

The skill has no executable payload, but its documentation is mostly generic and includes unrelated promotional and affiliate links for external services.

Review before installing. The artifact does not show malicious code, exfiltration, persistence, or destructive behavior, and VirusTotal/static scan are clean. The concern is that the skill is poorly scoped and contains unrelated advertising and affiliate links, plus an unjustified curl requirement. Install only if you are comfortable with that promotional content and do not rely on it as a well-defined schema-design workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill documentation contains unrelated promotional and advertising material, including upgrade pitches and external commercial offers, which is not necessary for a database schema design skill. In an agent context, such content can manipulate outputs, distract from intended functionality, and create a pathway for social engineering or trust abuse through embedded marketing.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The embedded third-party affiliate/promotional links are unjustified for the stated skill purpose and create a direct risk of steering users toward external sites unrelated to schema design. In a tool/agent ecosystem, affiliate links are especially suspicious because they can be used for monetization, phishing, traffic diversion, or reputation laundering under the guise of legitimate skill documentation.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The skill description is overly broad and does not define clear activation triggers, permissible inputs, or boundaries on when the agent should use it. This increases the chance of inappropriate invocation, prompt confusion, and unintended behavior, which is a security concern in agent systems because loosely scoped skills can be selected in contexts they were not designed to handle.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.