Sql Pro

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only SQL helper skill; it can suggest database changes, but it does not run code or request access by itself.

Safe to install as an instruction-only SQL assistant. Before running any SQL it suggests, especially in production, review it with normal database change controls, test it on non-production data where possible, and confirm locking, permissions, rollback, and maintenance-window impact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list is broad enough to activate on many ordinary database-related requests, which can cause the skill to be invoked outside a narrowly intended context. Over-broad invocation increases the attack surface for prompt/skill routing issues and can lead to unintended authority or behavior being applied to general requests.

Missing User Warnings

Medium
Confidence: 86%
Finding
The referenced section includes database-changing maintenance commands without nearby cautionary guidance about prerequisites, privileges, locking, resource usage, rollback planning, or safe execution in staging first. In an agent skill meant to provide optimization advice, this can lead users to run potentially disruptive operations directly in production, causing degraded performance, lock contention, or service interruption.

VirusTotal

53/53 vendors flagged this skill as clean.
