JSON Query Tool

Security checks across malware telemetry and agentic risk

Overview

This is a coherent static JSON query tool that processes data in the browser and shows no evidence of hidden upload, persistence, or privileged behavior.

Prefer using the included local HTML for sensitive JSON. If you use the hosted page, remember that visiting it contacts the hosting site, even if the JSON processing code runs in your browser. Only use the deployment-token instructions if you intentionally want to self-host.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The instruction to invoke the skill whenever a user requests JSON querying, path extraction, or data filtering is broader than the listed trigger phrases and can cause the agent to activate this skill for generic JSON-related tasks. That over-broad routing can lead to unintended tool use, unnecessary data exposure to external web properties, or bypass of more appropriate native handling for simple transformations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal