Security audit

Database Optimization

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed database-optimization reference skill with no executable code, hidden behavior, or data export behavior found.

Install this if you want Chinese-language database optimization guidance. Review suggested SQL against your own schema and run changes like CREATE INDEX, SET GLOBAL, or CREATE EXTENSION only in controlled environments with backups or approval.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs activation on very broad, common phrases such as '查询很慢', '加个索引', and '数据库卡了', plus 'immediately use this skill'. That can cause over-triggering in loosely related conversations, reducing user control and increasing the chance the agent applies specialized database guidance when the request lacks sufficient context or the user intended a different tool or language.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The description is written to operate in Chinese without offering a language-selection mechanism or clarifying that responses should follow the user's language. This can cause mismatched-language responses, misunderstanding of operational steps, and unsafe execution of database changes if users misread recommendations.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.