Brand DNA Extractor

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a transparent brand-analysis helper, but it can fetch website content, send images to AI providers, and optionally cache results.

Install only if you are comfortable with the skill fetching public website assets and sending selected images or visual data to Gemini or OpenAI. Avoid analyzing confidential or access-restricted sites without authorization, and disable Supabase storage or use a narrowly scoped key unless caching is required.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly describes scraping websites, sending representative images to external VLM providers, and optionally caching extracted results in Supabase, but it does not disclose these data flows or retention behaviors to users. This can lead to unintentional transmission of third-party website content and imagery to external services and persistence of derived data, creating privacy, compliance, and data-handling risk, especially when users analyze internal, private, or sensitive sites.

VirusTotal

No VirusTotal findings
