Back to skill

Security audit

数据管道工具箱

Security checks across malware telemetry and agentic risk

Overview

This is a small documentation-only ETL/Cron helper with no executable code, installer, credentials, or actual scheduling behavior.

Install only as a lightweight helper. If it later asks to create Cron jobs, access databases, call external APIs, write pipeline files, or store credentials, review those actions separately and require explicit user confirmation before granting access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The README makes an absolute safety claim that the skill only performs text processing and has no risky operations, but the same document describes an ETL data pipeline builder with Cron scheduling, which normally implies data movement, automation, and potentially broader system interactions. This kind of misleading assurance can cause reviewers or users to underestimate operational risk and approve or invoke the skill without appropriate scrutiny.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger condition is overly broad because it allows activation from any message containing the skill name or vaguely related instructions, which can cause unintended invocation. In an agent environment, this increases the chance of prompt collisions, accidental execution, or abuse by embedding trigger terms into unrelated user content.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.