Security audit

Databar.ai

Security checks across malware telemetry and agentic risk

Overview

This appears to be a normal Databar.ai connector skill with broad activation wording that users should understand, but no evidence of hidden or harmful behavior.

Install this if you want your agent to work with Databar.ai through a dedicated connector. Because the trigger wording is broad and write actions may change Databar.ai data, be explicit about when you want the skill used and review any proposed create/update operations before approving them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill description explicitly says to use this skill for ANY Databar.ai request, which creates an overly broad routing trigger and can cause the agent to invoke it for loosely related mentions rather than only for clearly intended connector operations. In this skill, that broad scope is more concerning because the skill includes both read and write actions, so accidental invocation could lead to unnecessary access, schema inspection, or user-confirmation flows around state-changing operations.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal