Reducer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed hosted workflow for generating reducer CAD drawings, with a guest link privacy caveat but no evidence of hidden or malicious behavior.

Install only if you are comfortable sending reducer design parameters to jixietools.com and receiving a no-login guest viewing link. Avoid using it for confidential or proprietary designs unless you understand the service's privacy, retention, and link-sharing behavior, and confirm before creating the production sheet.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill creates guest-accessible production sheets and shares a public link/code without warning the user that the resulting artifact may be accessible to anyone possessing that link. Because the workflow includes CAD drawings and project parameters, this can expose potentially sensitive design data through unauthenticated access.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal