公共资源交易信息收集

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do expected spreadsheet-related local file work, with a minor overwrite-safety caveat but no evidence of malicious behavior.

Before installing, be aware that the skill may write Excel files locally. Use a path you trust and check whether a target file already exists before asking the agent to generate or overwrite outputs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 85% confidence
Finding: The skill instructs creation of a local Excel file at a concrete path and notes that a user-specified path may be used, but it does not require confirmation before writing or warn about overwrite effects. In an agent setting, file creation on the local system without explicit safeguards can lead to unintended overwrites, data loss, or writing sensitive data to an unsafe location.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal