Back to skill

Security audit

work attendance skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a purpose-aligned attendance-reporting helper, but its generated files can contain sensitive employee attendance details.

Install only if you are authorized to process these employees' attendance records. Choose output paths deliberately, keep generated JSON/DOCX/XLSX reports in approved private storage, delete them when no longer needed, and review the documented exclusion and department-mapping rules before relying on the report.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script writes detailed attendance results, including employee names, departments, lateness, early leave, and missing clock-in details, to disk as a JSON file without any minimization, protection, or explicit warning. In a skill context handling employee attendance, this creates a real privacy risk because sensitive HR data may be stored in cleartext in unintended locations and retained longer than expected.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.