Cachyos Expert

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate CachyOS/Arch administration skill, but its reference material includes powerful system-changing commands that need review before use.

Install only if you want an advanced German CachyOS/Arch administration assistant and are comfortable reviewing commands before running them. Require backups, dry-runs where possible, explicit confirmation for destructive actions, and avoid remote script piping; be especially careful with rm -rf, --delete, prune, package keyring resets, boot/encryption repair, firewall/VPN routing, Docker group membership, systemd linger, and kernel mitigations=off.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger

Findings (16)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill is configured to trigger on very broad phrases such as common Arch/CachyOS admin problems, which can cause it to activate in many routine contexts without clear user intent. Over-broad activation increases the chance of unsolicited system-level guidance, including risky commands for package management, boot repair, or kernel changes.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The document includes restore and delete commands for Timeshift without an explicit warning that restore operations can overwrite system state and delete operations can permanently remove snapshots. In a backup-and-recovery guide, these commands are expected, but omitting a nearby data-loss warning increases the chance of accidental destructive use by less experienced users.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The rsync mirror example uses --delete, which will remove files from the destination that are not present in the source. In backup documentation, this is a legitimate option, but without a warning or dry-run guidance it can easily cause unintended data loss if source/destination paths are mistaken.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The document recommends a destructive `rm -rf` command to reset a Steam Proton prefix without an explicit warning about irreversible data loss or the need to verify the target path and APPID first. In a troubleshooting guide, users may copy-paste this blindly, causing loss of save data, configuration, or other files if the path is edited incorrectly.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The gaming kernel parameter section recommends security-relevant boot flags such as `mitigations=off` and `split_lock_detect=off` without an adequate warning about the security tradeoff. Disabling CPU mitigations reduces protection against known hardware side-channel and kernel hardening issues, which is especially risky on shared, multi-user, or network-exposed systems.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The WireGuard section instructs users to generate and handle private/public key material but does not warn that the private key must be protected, stored with restrictive permissions, and not left in the current working directory or shared accidentally. In a systems administration skill, this omission is security-relevant because users may copy commands verbatim and expose VPN credentials.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The packet-capture instructions recommend `tcpdump` and Wireshark without noting that captures can collect credentials, session tokens, internal hostnames, and other sensitive traffic. In a networking guide, this is contextually more dangerous because packet capture is a powerful but privacy-sensitive action that users may run on shared or production networks.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The document includes `sudo pacman -Rns <paket>` as a ready-to-run removal command without instructing users to preview the removal set or verify consequences first. In a package-management skill, this can lead to accidental removal of important packages and configuration, causing service breakage or an unbootable system if misapplied.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The guide recommends deleting `/etc/pacman.d/gnupg` with `rm -rf` to reinitialize the pacman keyring, but does not strongly warn that this resets package-signing trust state and may leave package verification broken until recovery is completed. Because this skill is specifically about Arch/CachyOS administration, readers are more likely to execute the sequence on production systems, increasing the chance of lockout or insecure recovery steps.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The guide includes `rm -rf ~/.cache/paru/clone/*` without warning that this irreversibly deletes local AUR build clones and any uncommitted changes within them. While impact is limited to user cache data, it can still cause data loss and frustrate recovery or auditing of previous PKGBUILD changes.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: `sudo pacman -Rns $(pacman -Qtdq)` can remove many packages at once, but the guide does not tell users to inspect the orphan list before executing it. In Arch-derived systems, orphan detection can still surface packages a user wants to keep, so blind removal may break workflows or remove important utilities.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The Docker cleanup section includes commands such as `docker system prune -af`, `docker volume prune`, and `docker image prune -a` that can permanently delete containers, images, caches, and potentially important unused volumes without an explicit warning about data loss. In a troubleshooting/reference skill, users may copy-paste commands directly, so omission of a strong caution materially increases the chance of accidental destructive action.

External Script Fetching

Low

Category: Supply Chain
Content: # Netzwerk-Speed iperf3 -c speedtest.example.com curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python - # Kernel-Build als Benchmark time make -j$(nproc)
Confidence: 99% confidence
Finding: curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python

Tool Parameter Abuse

High

Category: Tool Misuse
Content: rsync -avhP /source/ /destination/ # Mit Löschen (Mirror) rsync -avhP --delete /source/ /destination/ # Remote rsync -avhP -e ssh /source/ user@server:/destination/
Confidence: 96% confidence
Finding: delete /source/

Tool Parameter Abuse

High

Category: Tool Misuse
Content: # EAC/BattlEye benötigen Game-Developer-Support für Linux # Steam-Prefix zurücksetzen rm -rf ~/.steam/steam/steamapps/compatdata/<APPID>/ # Spezifische Proton-Version pro Spiel erzwingen # Steam → Rechtsklick auf Spiel → Properties → Compatibility
Confidence: 97% confidence
Finding: rm -rf ~

Tool Parameter Abuse

High

Category: Tool Misuse
Content: # EAC/BattlEye benötigen Game-Developer-Support für Linux # Steam-Prefix zurücksetzen rm -rf ~/.steam/steam/steamapps/compatdata/<APPID>/ # Spezifische Proton-Version pro Spiel erzwingen # Steam → Rechtsklick auf Spiel → Properties → Compatibility
Confidence: 97% confidence
Finding: rm -rf ~/.steam/steam/steamapps/compatdata/<APPID>/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal