Back to skill

Security audit

Db Explorer

Security checks across malware telemetry and agentic risk

Overview

This database skill is mostly coherent, but it includes high-impact restore and migration commands that can change databases without enough prominent scoping for an exploration-focused skill.

Install only if you want an agent to handle database administration-adjacent tasks, not just read-only exploration. Before use, require the agent to identify the database, environment, and exact operation, and demand explicit confirmation before any restore, import, migration, UPDATE, DELETE, DROP, or full export involving sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill’s stated purpose is database exploration, querying, and export, but it also embeds restore and migration workflows that can modify or overwrite data. In an agent context, this expands the operational scope from read-oriented inspection into write/destructive administration, increasing the chance that the agent performs high-risk actions under an exploration request.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The skill declares a read-only-by-default safety model, but later provides restore/import commands that directly write to databases without requiring preview, dry-run, or confirmation. This inconsistency is dangerous because downstream agents may treat the skill as safe for exploratory use while still being handed copy-paste-ready destructive commands.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation cues are broad enough to match routine requests like 'check the database' or general debugging statements, which can cause the skill to engage in contexts where database access was not clearly intended. In an automated agent system, overbroad triggers increase the risk of unnecessary credential handling, schema exposure, or execution of sensitive commands on production systems.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The export, backup, restore, and migration instructions perform filesystem writes and potentially destructive database changes, but the skill does not foreground these risks in its high-level description or warning banners. That mismatch can mislead users and orchestration systems into treating the skill as low-risk exploration tooling when it actually enables data exfiltration and destructive modification.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.