Back to skill

Security audit

Db Explorer

Security checks across malware telemetry and agentic risk

Overview

This database helper is understandable, but it includes high-impact restore, backup, export, and migration commands without enough scoping or safeguards.

Install only if you intentionally want an agent to access databases. Use read-only credentials where possible, avoid putting real passwords in chat or shell history, and require explicit confirmation before any export, backup, restore, import, migration, or write operation, especially against production systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill is framed as a database exploration/query tool, but it also documents restore and migration workflows that can modify live databases and filesystem state. In an agent setting, this expands capability from read-only inspection into high-risk state-changing operations, increasing the chance of accidental destructive actions when the skill is invoked for routine diagnostics.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document states that writes should require confirmation and be read-only by default, but later includes direct restore and import commands with no embedded confirmation flow or safeguard. This inconsistency is dangerous because agents may follow the later actionable commands literally, bypassing the earlier safety policy and causing destructive changes.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
Including restore and cross-database migration functionality is broader than the stated exploration purpose and creates unnecessary access to impactful operations. In practice, this capability creep raises the risk that a user or agent invokes administrative actions under the guise of simple database inspection.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough that ordinary conversation such as 'check the database' or mentioning a DB name could activate the skill unintentionally. Because this skill can access sensitive data and includes state-changing guidance elsewhere, accidental invocation increases the chance of overbroad data exposure or unintended operations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The backup and restore section presents restore commands and file-overwriting operations as ordinary examples without immediate warnings about destructive effects. In an agent workflow, that can normalize running commands that overwrite database contents or write sensitive dumps to disk, creating both integrity and confidentiality risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.