Linux Ops

Security checks across malware telemetry and agentic risk

Overview

This is a Linux operations cheat sheet with powerful admin examples, but it is disclosed reference material and does not install code, run commands automatically, or hide behavior.

Install only if you want a Linux administration command reference. Treat it as a cheat sheet: review every command before running it, get explicit approval for firewall, user deletion, service control, packet capture, and sudo changes, and avoid the blanket passwordless sudo example unless you have a tightly controlled operational reason.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill is described as a network-diagnosis reference, but it includes active firewall modification commands such as allowing, denying, and enabling UFW. In an agent setting, this expands the operational scope from read-only diagnostics to system-changing actions, increasing the risk of accidental service exposure, lockout, or unauthorized configuration changes.

Missing User Warnings

Medium
Confidence: 95%
Finding
The document lists packet-capture commands and firewall-changing commands without any warning that they may collect sensitive traffic data or alter host connectivity. In an agent workflow, these examples can be surfaced or executed without adequate user awareness, creating privacy, security, and availability risks.

Missing User Warnings

Medium
Confidence: 90%
Finding
The document includes destructive account-removal commands such as `userdel` and `userdel -r` without any warning about irreversible effects like deleting a user's home directory and data. In an ops cheat sheet, these commands are contextually relevant, but presenting them without safeguards increases the chance of accidental destructive use by operators or downstream agents.

Missing User Warnings

High
Confidence: 97%
Finding
The entry `username ALL=(ALL) NOPASSWD: ALL` grants unrestricted passwordless sudo, which effectively gives full root-equivalent access with no authentication barrier for privilege escalation. In a reusable skill, this is dangerous because it normalizes an insecure configuration that can be copied directly into production systems and abused if the account is compromised.

VirusTotal

65/65 vendors flagged this skill as clean.
