Database Design Hardened

Security checks across malware telemetry and agentic risk

Overview

This is a local database-design helper whose scripts generate SQL/text output and keep a small local command history, with no evidence of hidden network access or destructive execution.

Install only if you are comfortable running local shell scripts from this publisher. Be aware that one script keeps a local history file of commands and first arguments; avoid passing secrets or sensitive schema details as arguments, and delete ~/.local/share/database-design/history.log if needed. Review generated SQL carefully before applying it to any real database, especially migrations, index drops, and schemas involving sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 98%
Finding
The script logs command activity and user-supplied arguments to a persistent file under the user's data directory without any notice, consent, or sanitization. In a database-design context, arguments may include schema names, table names, file paths, sample data references, or potentially sensitive query fragments, creating an unnecessary privacy and confidentiality risk if the local machine is shared or the logs are later collected.

VirusTotal

67/67 vendors flagged this skill as clean.
