Data Cog

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a normal CellCog data-analysis integration, with the main caution that uploaded datasets may be processed by an external service.

Install only if you are comfortable using CellCog for analysis. Do not upload secrets, credentials, personal data, regulated datasets, or confidential business data unless you have reviewed and accepted CellCog's data-handling, retention, and privacy terms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill encourages users to upload files for analysis by CellCog but does not clearly disclose that those files are sent to an external service/provider. This can cause inadvertent disclosure of sensitive or regulated data because users may assume analysis occurs locally or within their existing agent environment.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal