Dashboard Manager2

Security checks across malware telemetry and agentic risk

Overview

This is a local Jarvis dashboard skill, but it can change more dashboard data than its documentation clearly discloses.

Install only if you trust the local Jarvis dashboard server and are comfortable with this skill modifying dashboard state. Before enabling it, clarify the localhost API dependency, require confirmation for deletes and automation-rule changes, and add a clear way to disable background syncing or run read-only.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly describes automatic background writes to `data.json`, note processing, heartbeat updates every 2 seconds, and silent operation without clear user consent, rollback, or safeguards against unintended data modification. In an agent environment, this can lead to persistent state corruption, loss of note integrity, noisy logs, or hidden changes that are difficult for operators to detect and audit in real time.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal