Tank

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward tank CAD workflow that sends user-provided design inputs to the JXT/Jixietools API and creates guest-accessible production sheet links.

Before using it, confirm you are comfortable sending tank design parameters to jixietools.com. Treat the returned guest code and viewing link like a password, because anyone with the link may be able to view the production sheet or status.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs unauthenticated creation of production sheets and unauthenticated status lookup, yet provides no warning that guest codes and returned links may expose work order details to anyone possessing them. In this context, the lack of authentication and privacy notice increases the risk of unintended data disclosure and unauthorized tracking of user-generated artifacts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal