Spark Engineer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a documentation-style Apache Spark engineering skill with no evidence of hidden execution, data theft, persistence, or destructive behavior.

Reasonable to install if you want Spark guidance. Be aware it may activate for some general big-data or pipeline questions where a non-Spark skill might be more relevant.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger list contains broad phrases such as "big data," "distributed computing," and "data processing pipeline" that are not specific to Apache Spark and can cause the skill to activate for unrelated requests. Over-broad routing increases the chance that the agent invokes this skill in the wrong context, which can lead to inappropriate guidance, unintended code generation, or interference with more relevant skills.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal