Etalon GDPR Scan

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed GDPR audit helper that runs a local CLI; the expected caution applies to its codebase reads and its optional file-changing commands.

Install only if you trust the ETALON CLI source. Run scans only on sites or codebases you are authorized to audit, review audit output before sharing it, and require separate explicit approval before using `--fix` or writing generated policy/report files into a project.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill is presented primarily as a local audit/reporting tool, but it also documents state-changing operations such as `etalon audit ./ --fix` and `generate-policy ... -o privacy-policy.md`, which can modify the repository or create files. In an agent setting, this mismatch can lead users or orchestrators to authorize the skill expecting read-only analysis, while it performs write actions that may alter source code or introduce generated legal text into the workspace.

VirusTotal

66/66 vendors flagged this skill as clean.
