Security audit

Ai Intelligent Customer Segmentation

Security checks across malware telemetry and agentic risk

Overview

This appears to be a marketing analytics skill whose customer profiling behavior is disclosed and purpose-aligned, but users should handle customer data carefully.

Install only if you are authorized to process the customer data involved. Use minimized or anonymized data where possible, respect opt-outs and consent requirements, avoid using it for sensitive protected-class targeting, and do not feed it data you cannot lawfully use for marketing analysis.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill explicitly advertises customer segmentation, profiling, RFM analysis, and targeted marketing, all of which imply collection and processing of potentially sensitive customer behavioral data. The documentation provides no privacy notice, lawful-basis guidance, consent expectations, retention limits, or data-handling safeguards, which increases the risk of misuse, non-compliant deployment, and harmful profiling practices.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal