AI System Maintenance

Security checks across malware telemetry and agentic risk

Overview

This maintenance skill has a coherent purpose, but it directs the agent to run an unreviewed local repair script that may change the system without clear confirmation or scope.

Review and trust the referenced maintenance script before installing or using this skill. Use it only in environments where automated repair is acceptable, and require the agent to explain what will be changed and get confirmation before running the script.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases are broad enough to match ordinary support or status-check conversations, which can cause the skill to run an automated maintenance script unexpectedly. Because the skill directly executes a local script rather than asking for confirmation first, accidental activation could lead to unintended system changes or disruption.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill instructs the agent to run an automatic maintenance script immediately, without warning the user that the action may alter system state. In a security context, silent execution of a repair script is dangerous because it can perform privileged or destructive changes, mask root causes, and be abused through benign-looking requests that trigger maintenance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal