Info Visualize

Security checks across malware telemetry and agentic risk

Overview

This is a local chart and report generator, but its browser-based HTML/SVG output can embed untrusted input without escaping.

Install only if you will use trusted or sanitized data for the HTML/SVG chart path. Prefer PNG output for untrusted text, and use the archive option only for reports you are comfortable retaining in a long-lived local folder.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Low

Confidence: 79% confidence
Finding: The documentation recommends optionally archiving generated reports into a user memory directory unrelated to the core rendering task. This expands the skill's data-handling scope and can cause unintended persistence of possibly sensitive report contents into a cross-task storage location, increasing exposure and retention risk.

Context-Inappropriate Capability

Low

Confidence: 88% confidence
Finding: The output path convention explicitly recommends writing to a fixed user archive path under a memory directory, which exceeds visualization needs and normalizes persistence into a sensitive location. If used broadly, this can leak generated content into long-lived stores without clear consent, making later unintended access or reuse more likely.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal