Auditd

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Linux auditd reference skill, but some example commands can weaken or change host auditing if copied without care.

Install this only if you want an auditd/Linux auditing command reference. Treat the auditctl, auditd.conf, audit2allow, and semodule snippets as privileged administrator examples: check current rules first, avoid deleting or disabling auditing except during intentional maintenance, and review generated SELinux policy before installing it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script includes `auditctl -D` as a ready-to-run example without any warning that it deletes all active audit rules. In a reference skill, users may copy commands directly, so this can unintentionally disable monitoring coverage and weaken detection or compliance posture until rules are restored.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The tools reference shows `auditctl -e 0` alongside other commands without warning that it disables auditing entirely. Because this is operational security documentation, presenting the disable command as a normal example increases the chance of copy-paste misuse that can blind audit logging and undermine forensic visibility.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal