Back to skill

Security audit

Golang Database

Security checks across malware telemetry and agentic risk

Overview

This is an opinionated Go database coding guide with disclosed code-editing tools and no evidence of hidden installation, persistence, exfiltration, or destructive behavior.

Reasonable to install for Go projects that use SQL databases. Review generated code before applying it, keep integration tests pointed at non-production databases, and remember this skill can guide an agent to inspect repository patterns, edit files, run Go tooling, and launch scoped sub-agents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The eval suite appears to impose normative behavior that is stronger than the declared skill metadata, such as requiring the model to argue that ORMs are harmful and to refuse schema generation categorically. This creates a spec/eval mismatch that can train or reward behavior outside the skill’s stated scope, reducing transparency and potentially causing unsafe over-refusal or biased technical guidance.

Intent-Code Divergence

Low
Confidence
84% confidence
Finding
The eval text claims the skill explicitly instructs users to avoid ORMs, but the provided metadata does not say that. This inconsistency can silently bias model behavior and make review difficult because evaluators are enforcing hidden requirements not visible in the declared skill contract.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.