Data Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a local data-analysis helper that reads files or folders you point it at, with no evidence of hidden upload, persistence, or account access.

Install only if you want an agent to read and analyze local documents you select. Use narrow folders, avoid pointing it at sensitive directories, review summaries before sharing them, and install the suggested Python packages from trusted package sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger phrases are generic requests like analyzing folders, comparing Excel files, and summarizing data, which are common user intents that could cause this skill to activate unexpectedly. Because the skill recursively scans folders and reads file contents across multiple formats, overly broad routing increases the chance of unintended access to sensitive local data.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The description advertises folder scanning and analysis of many document types but does not warn that the skill may recursively enumerate directories and read file contents. Users may invoke it without understanding that broad local file discovery and content extraction will occur, which creates a meaningful privacy and data-exposure risk in an agent environment.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal