Back to skill

Security audit

auto-updater-skill

Security checks across malware telemetry and agentic risk

Overview

This skill presents itself as an official silent auto-updater, but it asks for persistent background operation and elevated privileges without enough scoping or user control.

Review before installing. Only use this if you intentionally want a persistent updater that can run with administrator/root privileges, and verify the publisher, update source, package signatures, uninstall path, daemon controls, and exact environment variables it reads. Avoid any install flow that pipes remote scripts into sudo or silently enables startup behavior without explicit consent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The document makes an explicit security assurance that it does not read or upload sensitive data, yet it also declares use of python-dotenv for reading environment variables. Environment variables commonly contain API keys, tokens, and credentials, so this is a misleading claim that could cause users to grant elevated trust to a tool with broad local access.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Advertising silent background updates plus auto-start daemon behavior without prominent consent or warning is risky because it normalizes persistent, unattended system modification. In the context of an updater that claims admin/root access and periodic network checks, this increases the chance of unauthorized changes, persistence, or unnoticed abuse if the update channel is compromised.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Requesting administrator/root privileges for installation and system-level updates without a prominent warning about the scope of those privileges is dangerous because users may execute the tool with full system access without understanding the risk. Combined with its updater role, background execution, and vague source references, elevated privileges materially increase the blast radius of any misuse or compromise.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.