Back to skill

Security audit

Data Mover Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real local data-entry automation tool, but it needs review because it can capture screens, use the clipboard, and automate business-system data entry without tight safeguards.

Install only if you intentionally want local OCR/RPA automation and can constrain it. Disable scheduled and global-hotkey operation unless explicitly configured, use test data first, restrict source and destination windows/files, avoid screens containing credentials or regulated data, pin dependencies from trusted sources, and require human confirmation before any CRM, ERP, database, or spreadsheet write.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import platform
            system = platform.system()
            if system == 'Windows':
                subprocess.run(['clip'], input=text.encode(), shell=True)
            elif system == 'Darwin':
                subprocess.run(['pbcopy'], input=text.encode())
            else:  # Linux
Confidence
95% confidence
Finding
subprocess.run(['clip'], input=text.encode(), shell=True)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README explicitly promotes OCR-based screen scraping and automated cross-system copy/paste into systems like CRM, ERP, and databases, but it does not warn about privacy, authorization boundaries, accidental data modification, or misuse of simulated keyboard/mouse automation. In this context, the skill handles potentially sensitive on-screen data and can trigger unintended writes across enterprise systems, so the lack of safety constraints and usage warnings is a real security concern rather than a purely informational omission.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The manual trigger phrase includes broad natural language such as “帮我搬运数据,” which could easily appear in normal conversation and cause unintended activation. Because this skill performs screen OCR and automated copy/paste into other systems, accidental triggering can expose on-screen sensitive data or modify external applications without sufficiently deliberate user intent.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The scheduled and hotkey triggers are underspecified: “daily at a fixed time” and a global hotkey like F12 provide no constraints on when the skill may run, what context it may act on, or whether the user is present. For a skill that can capture the screen and simulate keyboard/mouse input across systems, ambiguous autonomous triggers substantially raise the risk of unintended data extraction, interference with active user work, and actions in the wrong application window.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill description emphasizes automatic screen recognition and cross-system copy/paste but does not prominently warn users that it may capture visible screen contents and send synthetic input to other applications. In this context, the omission is especially dangerous because the skill is designed to process potentially sensitive business data and alter system state in CRMs, ERPs, spreadsheets, and databases.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill reads from and writes to the system clipboard without any user-facing warning, consent, or scope limitation. Clipboard data commonly contains passwords, API keys, personal data, and copied business records, so silent access in a cross-system automation tool materially increases data leakage and unintended data-transfer risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.