Category Link Collector

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward URL-to-CSV helper that writes local CSV files but shows no hidden network, credential, or destructive behavior.

Install only if you are comfortable running a local Python script that creates CSV files. Set an explicit output directory before use, check for existing same-name CSV files, and install pandas from a trusted source.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Low

Confidence: 81% confidence
Finding: The skill explicitly states it will save extracted data as a CSV file, but it does not clearly warn users that running it will modify the filesystem. This can lead to unexpected file creation or overwriting, especially in automated environments where default paths are trusted and side effects are easy to miss.

Missing User Warnings

Low

Confidence: 90% confidence
Finding: A hard-coded default output directory is provided without an explicit warning that files will be written there, which increases the chance of unintended data placement or overwriting existing files. On shared or sensitive systems, silent writes to a user-specific path can create privacy, integrity, or operational issues.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal