Terminal Command Execution

Security checks across malware telemetry and agentic risk

Overview

This is a clearly disclosed, instruction-only skill for safer terminal command use, but users should still review any command that changes files, installs software, or affects services.

Install this only if you want the agent to help with terminal workflows. Read proposed commands carefully, especially anything involving deletion, force flags, chmod/chown, sudo, package installation, services, networking, or broad filesystem changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill is defined so broadly that it can be invoked for a wide range of command execution, file management, installation, and service-management tasks. That expansive scope materially increases the chance the agent will be routed into performing sensitive or high-risk shell operations without tighter eligibility boundaries or mandatory approval gates.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal