Back to skill

Security audit

Db Explorer

Security checks across malware telemetry and agentic risk

Overview

This database helper is mostly transparent, but it includes database restore and import commands that could overwrite or change real data without enough built-in guardrails.

Install only if you want an agent to help with database administration as well as read-only exploration. Before using it on production or shared databases, require the agent to show exact commands, confirm the target database, use read-only credentials when possible, and get explicit approval before any restore, import, write, or full export.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill is presented as a database exploration and debugging aid, but it also documents backup, restore, and migration operations that can materially alter or overwrite data. Expanding beyond read-only exploration increases the chance an agent will perform high-risk actions under a broadly activated skill, especially because restore/import flows are operationally dangerous and not tightly scoped.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The skill states that write operations require explicit confirmation and transaction safety, but later provides direct restore/import commands that bypass those safeguards. This inconsistency is dangerous because an agent may follow the later concrete commands instead of the earlier policy, leading to accidental destructive changes or data replacement.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Including full backup, restore, and migration capabilities exceeds the skill's stated purpose of querying, schema inspection, exporting, and debugging. In an agent setting, this widens the operational scope from observational tasks to administrative actions, increasing the risk of misuse, accidental writes, or unauthorized data movement.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The activation phrases are broad enough to match many ordinary database-related requests, but the skill contains high-risk capabilities beyond simple inspection. Loose triggering combined with write-capable instructions raises the likelihood that the skill will activate in contexts where the user only intended read-only help, creating an unsafe mismatch between intent and available actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The backup and especially restore instructions omit prominent warnings that these actions can affect live systems, overwrite data, or import unintended contents. In a skill intended for agent use, presenting such commands without explicit hazard labeling and confirmation steps makes accidental destructive execution substantially more likely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.