uos-printer-driver-downloader

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it searches the UOS driver site and downloads selected printer driver packages without hidden execution or credential access.

Reasonable to install if you need UOS printer driver downloads. Treat the downloaded .deb packages as software from the upstream driver provider: verify the model and source before installing them, and prefer a user-controlled download directory.

SkillSpector

By NVIDIA

Vulnerability Patterns

Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tainted flow: 'actual_url' from requests.get (line 75, network input) → requests.get (network output)

Medium

Category: Data Flow
Content: actual_url = result_data['data']['url'] file_resp = requests.get(actual_url, headers=headers, stream=True, timeout=60) file_resp.raise_for_status() filename = f"{package}_{version}_{arch}.deb"
Confidence: 88% confidence
Finding: file_resp = requests.get(actual_url, headers=headers, stream=True, timeout=60)

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal