Date Utils

Security checks across malware telemetry and agentic risk

Overview

This is a local date/time helper with a disclosed Shanghai timezone default and no evidence of hidden data access, persistence, or destructive behavior.

Install only if the UTC+8 default is acceptable for your workflows. For deadlines, payroll, compliance, local scheduling, or records near day boundaries, confirm the timezone before relying on the output.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 93% confidence
Finding: The skill hard-codes `Asia/Shanghai` as the default timezone and presents it as a general-purpose '唯一可靠来源' for current date/time operations. In multi-user or multi-region contexts, this can silently produce incorrect dates, weekdays, timestamps, and reporting periods, especially near day boundaries, causing downstream logic or records to be wrong without user awareness.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal