Back to skill

Security audit

Vpn Rotate Skill

Security checks across malware telemetry and agentic risk

Overview

This skill’s VPN rotation purpose is understandable, but it asks for lasting passwordless sudo and plaintext VPN credentials in ways users should review carefully before installing.

Install only if you are comfortable giving this skill persistent passwordless control over VPN startup and process termination. Review the sudoers line before running setup, avoid installing it on shared or sensitive machines, use dedicated low-privilege VPN credentials, and remove the sudoers file and ~/.vpn credentials when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue AgentSelf-Modification, Session Persistence
Findings (19)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill describes shell, file, and network operations but does not declare permissions, which reduces transparency and prevents users from making an informed trust decision before use. In this context, the hidden capabilities are more concerning because the skill also instructs users to alter sudoers and manage VPN connections, increasing the operational risk of the undocumented access.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The script persistently grants passwordless sudo not only for OpenVPN but also for /usr/bin/killall and /bin/kill, which broadens privilege beyond the minimum needed for setup. This creates a lasting local privilege-escalation foothold: any later process running as the user can terminate arbitrary root-owned processes or abuse these commands in ways unrelated to VPN rotation.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The fallback call to sudo -n killall openvpn will terminate every local OpenVPN process, not just the process started by this skill. In a multi-user or multi-service environment, that can disrupt unrelated VPN sessions, break connectivity, and interfere with security controls that rely on another OpenVPN tunnel.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The changelog explicitly advertises a 'Catastro API example demonstrating rate limit bypass' in a skill whose stated purpose is rotating VPNs to evade limits and access restricted data. Even though this is documentation rather than executable code, it documents and promotes policy-evasion behavior that facilitates abuse of third-party services, making the overall skill more dangerous in context.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README instructs users to enable passwordless sudo for OpenVPN but does not warn about the privilege escalation and misuse risks that come with granting unattended root-level network control. In the context of a skill explicitly designed to evade rate limits, this is more dangerous because it normalizes elevated privileges for automation that may be used for abusive scraping or operationally unsafe workflows.

Missing User Warnings

High
Confidence
97% confidence
Finding
The setup wizard is described as configuring passwordless sudo without a prominent warning about the security implications of granting NOPASSWD access to OpenVPN and killall. This is dangerous because it normalizes privilege reduction safeguards being removed, and in a skill explicitly aimed at bypassing rate limits, that elevated execution path is more likely to be abused or invoked unsafely.

Missing User Warnings

High
Confidence
99% confidence
Finding
The manual setup directly instructs users to create a passwordless sudoers entry for /usr/sbin/openvpn and /usr/bin/killall without a strong warning or discussion of safer alternatives. That creates a persistent privilege boundary weakening on the host, and because the skill is intended to automate repeated VPN rotation for scraping and rate-limit evasion, the privileged commands may be triggered frequently and by surrounding automation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Repeating the passwordless sudo instruction in troubleshooting reinforces an unsafe configuration without warning users about the security tradeoff. Troubleshooting sections are often copied verbatim by users, so presenting this as routine guidance increases the chance of persistent insecure privilege changes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instructions direct users to persist VPN credentials in a plaintext file under their home directory. Even with chmod 600, plaintext secrets on disk can be exposed through backups, local compromise, shell history mistakes, or accidental reuse, and the document provides no warning or safer handling guidance.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instructions tell users to place NordVPN service credentials into a local plaintext file under ~/.vpn/creds.txt and persist downloaded .ovpn files without any warning about secure handling, secret lifecycle, or host compromise risk. In the context of a VPN-rotation skill explicitly intended to bypass rate limits and support scraping, storing reusable VPN credentials locally increases the chance of credential theft, unauthorized VPN use, and exposure of the user's VPN account if the machine or home directory is accessed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The instructions explicitly tell the user to place long-lived OpenVPN credentials into a plaintext file on disk. Even with `chmod 600`, those secrets remain exposed to local compromise, backups, shell history mistakes, misconfigured home directories, and accidental disclosure, and the document does not clearly warn users about the sensitivity or lifecycle of the credential file.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script collects VPN credentials interactively and writes them to a persistent plaintext file without first warning the user that the secrets will be stored on disk. Even with mode 600, plaintext credential persistence increases the chance of later disclosure through backups, endpoint compromise, shell automation mistakes, or shared-account misuse.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script modifies /etc/sudoers.d to enable passwordless root execution without presenting a clear security warning or obtaining explicit informed consent. Because the permission is persistent and broad enough to affect system process control, this materially weakens host security after setup completes.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
This will:
- Check OpenVPN is installed
- Help you configure your VPN provider
- Set up passwordless sudo
- Test the connection

### 2. Manual Setup
Confidence
88% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
### Connection fails

1. Check credentials are correct
2. Test manually: `sudo openvpn --config ~/.vpn/servers/server.ovpn --auth-user-pass ~/.vpn/creds.txt`
3. Check VPN provider account is active

### Still getting blocked
Confidence
78% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
echo "   ✅ Sudoers already configured"
else
    echo "   Adding sudoers entry..."
    echo "$USER ALL=(ALL) NOPASSWD: /usr/sbin/openvpn, /usr/bin/killall, /bin/kill" | sudo tee "$SUDOERS_FILE" > /dev/null
    sudo chmod 440 "$SUDOERS_FILE"
    echo "   ✅ Sudoers configured"
fi
Confidence
97% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
])
        
        if result.returncode != 0 and "password" in result.stderr.lower():
            self._log("❌ sudo requires password. Run setup.sh first.")
            return False
        
        # Wait for connection
Confidence
91% confidence
Finding
sudo

Session Persistence

Medium
Category
Rogue Agent
Content
# Install OpenVPN
sudo apt install openvpn

# Create config directory
mkdir -p ~/.vpn/servers

# Download .ovpn files from your VPN provider
Confidence
84% confidence
Finding
Create config directory mkdir -p ~/.vpn/servers # Download .ovpn files from your VPN provider # Put them in ~/.vpn/servers/ # Create credentials file echo "your_username" > ~/.vpn/creds.txt echo "yo

Chaining Abuse

High
Category
Tool Misuse
Content
echo "   ✅ Sudoers already configured"
else
    echo "   Adding sudoers entry..."
    echo "$USER ALL=(ALL) NOPASSWD: /usr/sbin/openvpn, /usr/bin/killall, /bin/kill" | sudo tee "$SUDOERS_FILE" > /dev/null
    sudo chmod 440 "$SUDOERS_FILE"
    echo "   ✅ Sudoers configured"
fi
Confidence
95% confidence
Finding
| sudo

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.