Driveshaft

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned for generating driveshaft CAD drawings, but it sends design parameters to a third-party service and creates unauthenticated guest links without a clear privacy warning first.

Install only if you are comfortable sending driveshaft design parameters to jixietools.com and receiving a guest-access link for the generated production sheet. Do not use it for confidential or proprietary mechanical designs unless you have confirmed the service's access controls, retention, and sharing behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to create a remote production sheet and surface a browser-accessible guest link without clearly warning the user in advance. This is dangerous because user-provided design parameters are transmitted to a third-party service and associated with an unauthenticated guest access URL, which can expose potentially sensitive engineering data if shared, logged, or guessed.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal