Back to skill

Security audit

Run402 Test

Security checks across malware telemetry and agentic risk

Overview

This database skill is coherent, but it includes under-disclosed admin SQL access using a stored service key.

Install only if you intend to let an agent work with Run402 database administration. Treat SERVICE_KEY as an admin secret, verify the project ID and every SQL statement before running the helper, and avoid using it against production or valuable data without backups and explicit review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs use of a `service_key` bearer token for an admin SQL endpoint but does not warn that this credential is highly privileged and must be kept secret. In agentic contexts, examples are often copied directly, so normalizing exposure or casual handling of admin credentials materially increases the risk of credential leakage and full project compromise.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The example sends SQL to an administrative endpoint capable of changing database state, but the documentation does not warn that it performs privileged, mutating operations. In a skill intended for automation, this omission can cause an agent or user to run destructive commands in the wrong environment or without review.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script automatically reads a high-privilege service key from the user's local config and immediately uses it in an authenticated request based on command-line input, with no consent prompt, scope check, or warning that an admin credential is being used. In this skill context, the endpoint is an admin SQL execution API, so the combination of silent credential use and arbitrary SQL submission materially increases the risk of destructive database actions or unintended privileged access if the skill is invoked in an unsafe way.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.