Database Schema Sync

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it guides agents toward high-impact production database changes with insufficient safeguards and relies on an unreviewed local sync script.

Review before installing or using. Only use this in the intended project after inspecting the actual sync-production-schema.py, and do not allow production --apply unless a human has approved the dry-run output, backups, rollback plan, maintenance timing, and least-privileged database credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to run shell commands and interact with production deployment tooling, but it declares no permissions. This creates a capability mismatch where reviewers and policy systems may underestimate the skill's ability to execute commands affecting local files or production infrastructure.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The documented purpose is production schema synchronization, but the analyzed behavior includes hard-coded local path checks, permission changes via chmod, and static verification behavior not disclosed by the description. This mismatch is dangerous because operators may trust the skill for controlled database changes while it also performs host-level file operations on specific local paths, increasing the risk of unintended modification or misuse in production environments.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The document prescribes a single production deployment method with absolute language such as 'ALWAYS use sync script for production deployments,' removing operator or organizational choice. In a database deployment context, this can pressure users to bypass established migration governance, rollback practices, and compatibility checks, increasing the chance of unsafe schema changes or operational outages.

VirusTotal

62/62 vendors flagged this skill as clean.