Security audit

Proxima VPS autoamtion

Security checks across malware telemetry and agentic risk

Overview

This documentation-only VPS setup skill is coherent overall, but it should be reviewed because it normalizes passwordless root SSH for routine tunnel and IDE/MCP access.

Install only if you are comfortable with a high-authority VPS setup workflow. Use root only for initial host setup, prefer a dedicated non-root SSH account or narrowly scoped wrapper for ongoing MCP/tunnel access, keep REST/VNC/noVNC bound to localhost or authenticated SSH tunnels, and review the Proxima repository and npm dependencies before running the documented install steps.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (3)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The document repeatedly instructs users to create SSH tunnels and MCP access using the `root` account, normalizing privileged remote access for routine GUI, REST, and MCP operations. If the local IDE, MCP client, SSH config, or forwarded session is misused or compromised, the attacker would gain full administrative control of the VPS instead of being constrained to a least-privilege service account.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The runbook explicitly enables the application's REST API while directing the operator to perform root-level system changes, but it does not include a warning about the security and operational impact of exposing management functionality or altering host services. Even though later steps bind GUI-related services to localhost, enabling additional remote-control surfaces without explicit cautions can lead to accidental exposure, misconfiguration, or unsafe deployment by an operator following the runbook verbatim.

Missing User Warnings

Medium

Confidence: 80% confidence
Finding: The troubleshooting instructions tell users to establish an SSH tunnel as `root` without any justification or warning, normalizing privileged remote access for a non-privileged task. In the context of a VPS setup skill, this increases the chance that users enable or rely on root SSH access unnecessarily, which broadens the blast radius of credential theft, host compromise, or operator mistakes.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.