Tripwire

Security checks across malware telemetry and agentic risk

Overview

This is a Tripwire reference skill that prints administrative examples; its sensitive examples are visible and purpose-aligned, but should be used carefully.

Install if you want a Tripwire administration reference. Do not let an agent blindly run the examples on production systems; review commands first, protect Tripwire keys and passphrases, remove plaintext policy/config files after use, and only enable email or Slack/PagerDuty alerting with approved destinations and protected webhook secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The reporting example includes a direct network POST to a Slack webhook containing the hostname, which is host-identifying telemetry. Even though it appears inside documentation text emitted by the script rather than auto-executed logic, users commonly copy-paste these examples, and the script provides no warning that this transmits security event data to a third party.

External Transmission

Medium
Category
Data Exfiltration
Content
```
tripwire --check --quiet
if [ $? -ne 0 ]; then
    # Send to PagerDuty/Slack/etc
    curl -X POST https://hooks.slack.com/services/xxx \
      -d '{"text":"⚠️ Tripwire violation on '"$(hostname)"'"}'
fi
```
Confidence
94% confidence
Finding
curl -X POST https://hooks.slack.com/services/xxx \ -d

VirusTotal

63/63 vendors flagged this skill as clean.
