Back to skill

Security audit

Gdpr Checker

Security checks across malware telemetry and agentic risk

Overview

This GDPR checker includes a mismatched security helper that makes unsupported scan/encryption claims and quietly saves command inputs locally.

Install only if you treat this as a lightweight checklist/template aid, not a real security scanner, hardening tool, or encryption utility. Avoid entering secrets, customer data, breach details, or sensitive operational identifiers unless you accept that command arguments may be saved locally in the gdpr-checker data directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The script presents itself as a security scanning and hardening tool, but the implemented commands largely emit canned text and write activity to a local log rather than performing real scanning, auditing, encryption, or alerting. In a security context, this is dangerous because users may rely on false assurances, skip real security controls, and expose potentially sensitive inputs to logging under the belief they are using a legitimate protection tool.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Command arguments are persistently written to a history log without notice, and several commands imply handling sensitive material such as passwords, checks, encryption inputs, or compliance-related data. This can leak secrets, internal identifiers, or operational details to disk in a predictable location, increasing the risk of local disclosure or later exfiltration.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.