Back to skill

Security audit

Data Pipeline Toolkit

Security checks across malware telemetry and agentic risk

Overview

This ETL skill is instruction-only and asks users to run a missing local pipeline script that may handle databases, APIs, cloud storage, and scheduled jobs.

Review before installing. Do not run the quick-start commands unless you know exactly which ./pipeline.sh file will execute and trust its source. Use test data first, provide only narrowly scoped non-production credentials, and confirm any schedules can be found and removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill shows pipeline examples that use external APIs and a database connection string without any warning about credential handling, secret exposure, or data transfer risks. Users may copy these patterns directly, passing sensitive connection details via shell environment variables or moving data across trust boundaries without considering authentication, encryption, or least-privilege controls.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.