Hxd Deploy

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can trigger broad root-level deployment actions on a live server without enough confirmation safeguards.

Install or use this only if you control the listed server and want the agent to deploy this exact service. Before use, narrow the trigger phrases, require a final confirmation showing host, account, artifact path, and service name, use a limited deployment account instead of root, and verify the SSH host key instead of disabling host-key checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The trigger phrase '部署服务' ("deploy service") is overly broad and can cause the skill to activate for unrelated deployment requests. Because this skill performs privileged remote actions against a production server as root, accidental invocation could lead to unintended file replacement and service restarts in response to the wrong request.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill automates uploading a JAR, replacing the live binary, and restarting a production service, but it does not require an explicit warning or confirmation about downtime and remote system modification. In a high-impact production context, this raises the risk of accidental disruptive actions and unsafe execution without informed user consent.

VirusTotal

66/66 vendors flagged this skill as clean.