Back to skill

Security audit

Neckr0ik Etl Builder

Security checks across malware telemetry and agentic risk

Overview

This ETL skill is mostly legitimate, but it can move or overwrite data across files, databases, and arbitrary webhooks without enough scoping or safety guidance.

Review before installing. Use only with data you intend to move, prefer dry runs and record limits first, avoid embedding long-lived secrets in pipeline JSON or shell history, use least-privilege credentials, choose simple pipeline names, and do not run scheduled jobs or webhook/API destinations against sensitive or production data until the exact source, destination, and overwrite behavior are verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly describes capabilities to read files, write files, and access external/network resources, yet no permissions are declared. This creates a transparency and policy-enforcement gap: users or hosting platforms may not realize the skill can move data across trust boundaries, including local files, databases, cloud services, and APIs.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation language is very broad ('Build ETL pipelines without code' and use whenever data needs moving/transformation) without clear limits, approval gates, or sensitivity checks. In a skill that can read from databases/files and write to cloud services or webhooks, vague trigger conditions increase the chance of over-broad use on sensitive data or unintended automation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation advertises extract/transform/load/schedule operations across databases, APIs, files, and cloud storage but provides no warning about privacy, credential handling, overwrite risk, or outbound transmission. Given the skill's purpose is bulk data movement, omission of these warnings materially increases the chance of accidental data leakage, misuse of secrets, or destructive writes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documented load option includes 'replace', a destructive mode that can overwrite or erase destination data, but no warning or confirmation requirement is described. In an ETL tool, this can lead to irreversible data loss or corruption if users misconfigure the target table or run the pipeline against production systems.

Missing User Warnings

High
Confidence
92% confidence
Finding
The webhook loader sends the full transformed dataset to an arbitrary user-configured URL with no validation, confirmation, or egress restrictions. In an ETL tool, this can enable silent exfiltration of sensitive records to attacker-controlled endpoints and can also be abused for SSRF against internal services if untrusted pipeline configs are executed.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.