Back to skill

Security audit

SQL Data Analyst

Security checks across malware telemetry and agentic risk

Overview

This SQL analysis skill does what it advertises, but users should connect only databases they are comfortable letting an agent query.

Install this only if you intend to let an agent inspect schemas and run analysis queries. Use read-only or least-privilege database accounts, avoid production admin credentials, review generated SQL especially before any write, and periodically clean local imports, exports, saved queries, schema caches, and query logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
"settings": {
    "default_connection": "local",
    "default_limit": 1000,
    "auto_execute_select": true,
    "require_confirmation_for_writes": true,
    "show_query_before_execute": true,
    "log_queries": true
Confidence
85% confidence
Finding
auto_execute

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.