Data Chart Tool

Security checks across malware telemetry and agentic risk

Overview

This is a local chart-making skill with disclosed paid-license handling; the main risks are weak license-secret guidance and a licensing bug, not hidden or harmful behavior.

Install this in a Python virtual environment if possible. If you use paid features, treat SKILL_LICENSE_SECRET as a tool-specific secret: do not reuse passwords or API keys, avoid committing it to dotfiles, and prefer setting it only for commands that need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium, 97% confidence
Finding
The licensing logic fails open for the premium scatter feature: if any unexpected exception occurs during license validation, the code logs a warning and continues instead of denying access. This allows users to bypass the intended paywall or policy control simply by triggering validator errors, undermining authorization and creating an inconsistent security boundary.

Missing User Warnings

Medium, 92% confidence
Finding
The documentation instructs users to place a license secret in an environment variable and references copying a license file locally, but it provides no guidance on secure storage, secret rotation, shell history exposure, or avoiding accidental leakage in logs and process environments. This creates a real credential-handling weakness because users may expose the secret through shared shells, CI logs, dotfiles, or screenshots while following the instructions.

VirusTotal

65/65 vendors flagged this skill as clean.
