Privacy Compliance Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed privacy-report generator that sends user-provided compliance inputs to a ToolWeb API, so it is usable but should be treated carefully with sensitive company data.

Before using this skill, verify ToolWeb and its legal/privacy terms, use a dedicated revocable API key, and submit categories or anonymized descriptions instead of live personal records, customer identifiers, secrets, or confidential architecture details unless your organization has approved that sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly solicits detailed personal-data inventories, processing purposes, systems, and third-party sharing relationships, then directs users to send that information to an external API endpoint. Even though the purpose is compliance reporting, the skill provides no explicit warning, minimization guidance, data-handling terms, or restrictions on submitting real sensitive/regulated data, creating a meaningful risk of privacy leakage and unintended disclosure of internal data maps.

VirusTotal

58/58 vendors flagged this skill as clean.
