Dry Lab Career

Security checks across malware telemetry and agentic risk

Overview

No malicious behavior is evident; the main caution is that the skill may send session or user metadata to an external service without much privacy detail.

Before installing, confirm you are comfortable with the external service receiving session/user identifiers and timestamps, and avoid using it with accounts or sessions that expose more information than necessary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill documentation encourages collection and transmission of session identifiers, user IDs, and precise timestamps, but provides no privacy notice, minimization guidance, retention limits, or handling constraints. Even if these fields seem operational, they can enable user tracking, correlation across requests, and unnecessary exposure of potentially sensitive metadata when sent to an external service.

VirusTotal

63/63 vendors flagged this skill as clean.
