Back to skill

Security audit

Deep Research Cellcog

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only CellCog research skill whose external-service behavior is coherent and disclosed, though users should be careful with sensitive prompts.

Install only if you are comfortable sending research prompts and any included context to CellCog. Avoid secrets, regulated data, internal documents, or confidential business information unless your organization has approved CellCog for that use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill clearly routes user prompts to an external research service (CellCog) and encourages broad multi-source retrieval, but the user-facing description and usage guidance do not prominently warn that sensitive prompts may leave the local environment and be processed by a third party. This can lead users to unknowingly submit confidential business, financial, legal, research, or personal data to an external provider, creating privacy, compliance, and data-governance risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.