Back to skill

Security audit

Db Explorer

Security checks across malware telemetry and agentic risk

Overview

This is a database helper with sensitive but disclosed database access and admin examples, so it should be used carefully but does not show hidden or malicious behavior.

Install only if you want an agent to help with real database access. Use read-only or narrowly scoped credentials where possible, review every generated command before it runs, avoid production restores or migrations unless you explicitly requested them, and protect or delete any exported CSV, JSON, or backup files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill is presented as a database exploration/debugging tool, but it additionally documents backup, restore, and migration workflows that can modify or overwrite data and move it across systems. This scope expansion is dangerous because an agent may invoke higher-risk operations under the guise of routine inspection, increasing the chance of destructive or unauthorized actions.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The safety section promises read-only behavior and confirmation before writes, yet later examples include restore and import commands that directly perform write operations without any confirmation workflow. This contradiction can mislead users and downstream agents into trusting the skill as safe while still exposing destructive commands that can overwrite data or alter production systems.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Database restore capability is materially riskier than exploration or export because it can replace, corrupt, or inject data into a target database. In the context of a broadly triggered exploration skill, including restore instructions makes accidental or unauthorized destructive actions more plausible.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The migration helper includes loading exported data into another database, which is a write operation outside the declared exploration/debugging scope. This creates risk of data leakage, unauthorized replication, schema mismatches, and unintended writes to the wrong destination system.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation phrases are broad enough to match common requests like 'check the database' or 'show me the data,' which can cause the skill to trigger in situations where the user did not intend deep database access. Because the skill contains sensitive operations and credential-handling guidance, overly permissive activation increases the chance of unnecessary exposure or misuse.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Export and backup behavior are documented as routine workflows without sufficiently prominent warnings about sensitive data exposure, filesystem side effects, or operational risk. Even nominally non-destructive exports can exfiltrate large amounts of confidential data, while backup commands can create unmanaged copies in insecure locations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.