Skill

Security checks across malware telemetry and agentic risk

Overview

This skill performs disclosed due-diligence work: it can fetch public EDINET filings, parse PDFs, and generate local financial reports.

Install only if you want an agent to fetch public Japanese filings, read financial PDFs, and create local report files. Set EDINET_API_KEY only when you want automatic EDINET downloads, and choose output folders deliberately to avoid overwriting files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 80% confidence
Finding: The workflow directs the agent to automatically download documents from EDINET and later generate local output files without first warning the user that network access and file writes will occur. In an agent setting, hidden side effects reduce informed consent and can surprise users with external requests or local artifact creation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal