Db Explorer

Security checks across malware telemetry and agentic risk

Overview

This database helper is only documentation and has no hidden code, but it includes high-impact restore and import commands under a broad database-exploration skill.

Install only if you are comfortable with a database skill that includes export, restore, and import guidance. Use read-only or least-privilege credentials by default, avoid production credentials unless necessary, and require explicit human confirmation of the target database, source file, backup state, and expected impact before any restore, import, migration, or full export command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill is presented as a database exploration/querying tool, but it also includes restore and migration commands that can modify or overwrite data. This scope expansion is dangerous because an agent may invoke these examples in contexts where only read-only access was expected, increasing the chance of destructive database changes.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The document declares the skill read-only by default, but later provides direct restore and import commands that perform writes without the stated confirmation and transaction workflow. This contradiction can cause an agent or user to trust the skill as safe while still executing destructive operations, creating a high risk of accidental data loss or corruption.

Vague Triggers

Medium
Confidence: 85%
Finding
The activation phrases are broad enough that the skill could trigger on casual requests like 'check the database' or 'show me the data' without sufficient scoping. In a skill that can expose schemas, records, credentials, or operational details, overly broad activation increases the chance of unnecessary database access and accidental sensitive data exposure.

Missing User Warnings

Medium
Confidence: 95%
Finding
Backup, restore, and import instructions are presented without prominent warnings that restore and data-loading operations can overwrite or alter production data. In a database skill, such omissions are especially risky because users may assume examples are safe operational defaults and run commands against live systems.

VirusTotal

64/64 vendors flagged this skill as clean.