Auto Pivot Table

Security checks across malware telemetry and agentic risk

Overview

This is a coherent developer guide for adding ORBCAFE pivot-table analytics and voice navigation, with no evidence of hidden access or unsafe behavior.

Before installing, review the npm dependencies and run the commands only in a trusted project. Keep websocket endpoints and ASR credentials in application configuration, and translate the Chinese sections if you need full clarity before using the skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Natural-Language Policy Violations

Medium

Confidence: 98% confidence
Finding: The workflow steps are written entirely in Chinese, which imposes a specific language on the skill's operational instructions without offering any user choice or opt-in. This is a natural-language locale policy issue because the file mixes English headings with mandatory Chinese guidance and does not document a justified region-specific constraint.

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The section beginning at L62 switches to Chinese for key usage notes, which forces a specific language for part of the skill documentation. There is no indication that this file is intentionally region-specific or that users can choose an alternative language, so it conflicts with the stated language/locale policy criteria.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal