TiDB Cloud Zero

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only TiDB Cloud helper that matches its stated purpose, with normal caution needed around temporary database credentials and optional API keys.

Install this only if you want an agent to help create temporary TiDB Cloud databases. Keep generated connection strings private, use TLS, avoid storing sensitive production data in unclaimed disposable instances, and use restricted or temporary provider API keys if you try the optional BYOK embedding examples.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: This markdown file includes commands for setting provider API keys in global database variables, which is a sensitive credential-handling operation. The surrounding text gives usage instructions but does not warn users about protecting secrets, avoiding shared environments, or the visibility/impact of setting global variables.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal