axiom-uuid-analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a local UUID inspection tool that does what it advertises and shows no evidence of hidden network, persistence, credential, or destructive behavior.

Installers should understand that UUID v1 values can reveal generation time and a device-like node identifier. Avoid logging or sharing raw v1 MAC/node output unless needed, but the skill itself appears local, disclosed, and proportionate.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The README explicitly advertises extraction of MAC addresses from UUID v1 values and presents forensic/audit use cases, but it does not warn that UUID v1 can reveal device-identifying information and generation time. In a UUID inspection tool, this creates a real privacy and data-handling risk because users may expose, log, or process persistent hardware identifiers without understanding the sensitivity.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal