Back to skill

Security audit

NetPad - Build forms, workflows and manage MongoDB data

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate NetPad management tool, but it gives an agent powerful deletion, export, RBAC, and app-installation abilities without enough built-in safety checks.

Install only if you are comfortable giving the skill a NetPad API key with the same power you would give a trusted administrator. Use least-privilege or non-production keys where possible, manually confirm delete/RBAC/app-install actions before running them, and avoid bulk exports unless you have a clear handling plan for potentially sensitive submission data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill includes destructive deletion commands for forms and submissions without any confirmation step, scoping guidance, or warning that the action is irreversible. In an agent-assisted context, this increases the risk of accidental destructive operations against production data when a user request is ambiguous or mistaken.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documented RBAC and marketplace commands can add/remove users, change roles, create/delete groups and roles, assign permissions, and install apps without any user-facing caution about organizational impact. In an agent setting, these are high-consequence administrative actions that could cause privilege escalation, lockouts, unauthorized access, or supply-chain exposure if used without explicit approval and review.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The export command retrieves up to 1000 submissions and writes raw submission data directly to stdout as JSON lines, which can expose sensitive personal or business data into terminals, logs, pipes, or files without any warning, filtering, or confirmation. In a form-management skill, submission data is likely to contain PII, making silent bulk export more dangerous in context.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
api PATCH "/forms/${3:?Form ID required}" '{"status":"draft"}' | jq '.data | {id, name, status}'
                ;;
            delete)
                api DELETE "/forms/${3:?Form ID required}"
                echo "Form deleted"
                ;;
            add-field)
Confidence
90% confidence
Finding
DELETE "/forms/${3:?Form

Tool Parameter Abuse

High
Category
Tool Misuse
Content
api POST "/forms/${form_id}/submissions" "{\"data\":$data}" | jq '.'
                ;;
            delete)
                api DELETE "/forms/${3:?Form ID required}/submissions/${4:?Submission ID required}"
                echo "Submission deleted"
                ;;
            export)
Confidence
91% confidence
Finding
DELETE "/forms/${3:?Form

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.