Security audit

Mysql Manager

Security checks across malware telemetry and agentic risk

Overview

This skill transparently manages a local Docker MySQL database, with real data-loss risk from intended admin commands but no evidence of hidden or malicious behavior.

Install only if you want an agent to manage a local Docker-backed MySQL service. Use a non-default MYSQL_ROOT_PASSWORD, avoid production or irreplaceable data, review dump and drop targets carefully, and remember that the Docker container and volume can persist after the immediate task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger phrase "create database" is broad and can match ordinary user requests that are not intended to invoke this specific skill. Because this skill performs state-changing infrastructure actions against a shared MySQL environment, accidental activation could create databases or steer the agent into privileged DB-management behavior in the wrong context.

Vague Triggers

Medium
Confidence: 96%
Finding
The trigger phrase "drop database" is especially dangerous because it is both broad and destructive. A generic request containing those words could unintentionally activate this skill and lead to deletion workflows against a shared development MySQL instance, risking data loss even if the underlying command later asks for confirmation.

Vague Triggers

Low
Confidence: 84%
Finding
The phrase "dump database" is ambiguous and may match routine technical discussion or requests unrelated to this skill. In this skill's context, invocation could copy data between databases in a shared container, which raises confidentiality and integrity concerns if triggered unintentionally.

Shadow Command Trigger

Medium
Category: Trigger Abuse
Confidence: 76%
Finding
The trigger "start mysql" can shadow more general built-in command semantics around "start," causing the skill to intercept requests that users may intend for another subsystem. In this case the skill controls Docker container lifecycle for a shared database service, so unintended activation can expose or alter local infrastructure state.

Shadow Command Trigger

Medium
Category: Trigger Abuse
Confidence: 78%
Finding
The trigger "stop mysql" overlaps with generic "stop" command semantics and may capture requests intended for other tools or contexts. Because the skill manages a shared MySQL container used by multiple local instances, accidental invocation could interrupt dependent services and create availability issues.

Shadow Command Trigger

Medium
Category: Trigger Abuse
Confidence: 89%
Finding
The trigger "create database" conflicts with generic "create" command behavior and is insufficiently scoped to this skill. Since the skill administers a privileged shared MySQL container, ambiguous activation can cause unintended resource creation and encourage the agent to operate outside the user's intended task boundary.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.