Data Leak Detector

Security checks across malware telemetry and agentic risk

Overview

This is a simple local static scanner for possible data-leak patterns, with scope and dependency caveats but no evidence of hidden exfiltration or destructive behavior.

Install only if you want a lightweight local triage scanner. Run it against specific files, folders, or named skills rather than broad private directories, review reports before sharing them, and treat low-risk results as preliminary rather than proof that another skill is safe.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger conditions are broad and generic, including phrases like checking whether a skill is safe or scanning for risks, without clear constraints on target scope or user confirmation. This can cause the skill to activate in contexts broader than intended and potentially prompt large-scale analysis of user content, increasing privacy and operational risk even though the skill itself is a scanner rather than an exfiltration tool.

Vague Triggers

Medium
Confidence: 93%
Finding
The usage example explicitly suggests scanning all installed skills, which encourages expansive access without a specificity guard. In practice, this can lead to unintended enumeration of many local skills and their contents, amplifying privacy exposure and making overbroad activation more likely.

VirusTotal

66/66 vendors flagged this skill as clean.
