Back to skill

Security audit

MYSQL QUERY

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate database-query helper, but it can give an agent broad access to production databases without enough safeguards.

Install only if you are comfortable letting an agent run SQL against the databases you configure. Use least-privilege, preferably read-only database users by default; keep production and test names unambiguous; review any UPDATE, DELETE, DROP, ALTER, INSERT, or privilege-changing query before it runs; and prefer SSH keys plus pinned host keys for sensitive hosts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill invokes shell commands, reads files, and relies on environment variables, but it declares no explicit permissions or trust boundaries. That increases the chance the agent can access sensitive local configuration and credentials or execute unintended system commands without users understanding the skill's effective capabilities.

Vague Triggers

Medium
Confidence
95% confidence
Finding
Case-insensitive partial matching on database names can cause the skill to select the wrong configured database when names overlap, such as matching a production database when the user intended staging. In this skill's context, mis-selection is especially dangerous because it can open SSH tunnels and run arbitrary SQL against sensitive systems, leading to data exposure or destructive changes.

Env Variable Harvesting

High
Category
Data Exfiltration
Content
def execute_mysql_query(host: str, port: int, database: str, user: str, password: str, query: str) -> bool:
    """Execute MySQL query using mysql command-line client with environment variable for password."""
    # Use environment variable for password to avoid exposure in process list
    env = os.environ.copy()
    env['MYSQL_PWD'] = password

    mysql_cmd = [
Confidence
90% confidence
Finding
os.environ.copy()

Unvalidated Output Injection

High
Category
Output Handling
Content
]

    try:
        result = subprocess.run(
            mysql_cmd,
            capture_output=True,
            text=True,
Confidence
95% confidence
Finding
subprocess.run( mysql_cmd, capture_output

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.