AntV Skills

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only AntV G6 documentation/code-generation skill with no install-time code or hidden execution, though users should review generated examples that load remote images or demo data.

Reasonable to install as a G6 documentation/code-generation helper. Before using generated code with untrusted graph data, review any HTML, tooltip, remote image, and remote fetch examples; allowlist or proxy image/data sources where privacy matters. The publisher should remove the unrelated crypto and purchase tags to avoid confusion.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 86% confidence
Finding: The examples encourage loading third-party remote images directly via user/data-controlled URLs without warning that this causes client-side network requests and metadata disclosure to external hosts. In applications where node data is untrusted, this can leak user IPs, browsing context, or internal usage patterns, and may also introduce reliability and mixed-content issues.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal