Spindle Box

Security checks across malware telemetry and agentic risk

Overview

This skill transparently helps create spindle-box CAD jobs on jixietools.com, with the main caution that generated guest links should be treated as private access links.

Install only if you are comfortable sending spindle-box design parameters to jixietools.com. Treat any generated guest URL and guest_code as private access links, especially if the CAD parameters or generated drawings are proprietary.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill instructs the agent to create guest-access production sheets and expose a shareable `guest_code`/URL without requiring an explicit user warning about the public or bearer-token nature of that link. Anyone who obtains the link can likely view the production sheet and generated outputs, which can expose user-supplied design parameters or proprietary CAD artifacts.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal