Back to skill

Security audit

Dashboard Web App Cellcog

Security checks across malware telemetry and agentic risk

Overview

This is a coherent CellCog dashboard-generation skill, with the main caveat that prompts and uploaded data may be sent to CellCog.

Install only if you are comfortable using CellCog as an external AI service. Do not upload confidential HR, financial, customer, log, or regulated data unless you are authorized and understand CellCog's data handling terms; use mock or redacted data for demos when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly encourages users to upload and explore datasets such as employee data, survey results, logs, CSV, JSON, and Excel files, but it provides no privacy, confidentiality, or data-handling warnings. Because the skill routes prompts and uploaded files through an external AI service (CellCog), users may inadvertently send sensitive personal, financial, HR, or operational data to a third party without understanding the exposure or compliance implications.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.