Back to skill

Security audit

Chatbot Builder

Security checks across malware telemetry and agentic risk

Overview

This is a minimal chatbot-builder skill whose sensitive behaviors are expected for its purpose, but users should treat data sharing, credentials, and deployment channels carefully.

Before installing or using this, verify any chatbot.sh implementation separately, use test data first, avoid training on secrets or private documents unless necessary, use scoped API and channel credentials, and confirm where conversation memory and analytics are stored and how they can be deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill advertises training on user data and deployment to external channels such as web, Slack, Discord, WhatsApp, and Telegram without any warning about data sharing, privacy implications, or operational effects. This can cause users to expose sensitive documents or conversations to third-party platforms and model providers without informed consent, especially because the quick-start flow encourages immediate deployment.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.