RFM Segmenter

Security checks across malware telemetry and agentic risk

Overview

This is a marketing analysis skill with no executable install behavior, but users should apply SMS and phone outreach compliance rules before using its campaign suggestions.

Before installing or using this skill, be prepared to supply customer order data only from approved sources and follow your own marketing compliance rules. Use SMS or phone suggestions only for customers who have given the required consent, honor opt-outs and unsubscribe requests, screen do-not-call restrictions where applicable, and verify GDPR/CCPA/TCPA/CAN-SPAM obligations before launching campaigns.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The playbook recommends SMS win-back, phone calls, and personal outreach without any guardrails around prior consent, opt-out handling, do-not-call restrictions, or lawful basis for using customer contact data. In a customer-marketing skill, these omissions can lead users to deploy outreach that violates privacy and telemarketing rules, creating legal, compliance, and reputational risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal