Electricity Forecasting Framework

Security checks across malware telemetry and agentic risk

Overview

This is a coherent electricity forecasting skill with local ML scripts; the main caution is to only load model files you trust.

Install and run this in a clean virtual environment, review dependencies, and do not use joblib model files from untrusted sources. Keep forecasting datasets and generated deployment outputs in a dedicated project folder, and only expose the generated API server intentionally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: `joblib.load(model_path)` performs unsafe deserialization and can execute arbitrary code during loading if the `.joblib` file is malicious. In this skill context, the script accepts a user-supplied model path and loads it before validation, making untrusted model artifacts a realistic code-execution vector on the deployment host.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal