Pc Monitor Cn

Security checks across malware telemetry and agentic risk

Overview

This is a narrow local system-monitoring skill, with a real caution that its shell wrapper may install psutil automatically if it is missing.

Before installing, know that running the shell wrapper may fetch and install psutil into the active Python environment. Prefer installing psutil yourself from a trusted package source or running the Python script only after dependencies are already installed.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

Medium

Confidence: 88% confidence
Finding: The script presents itself as a quick monitoring utility, but it also performs package installation as a side effect. Installing software during normal execution expands the script's trust boundary, can surprise users, and may pull code from external package sources in environments where dependency changes should be explicit and reviewed.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The script silently installs the psutil package with only a brief message and no confirmation, causing an unexpected networked software change on the host. This is dangerous because package installation may execute unreviewed code from package repositories, modify the Python environment, and break policy expectations in restricted or production systems.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal