Rkhunter

Security checks across malware telemetry and agentic risk

Overview

The skill only prints static reference text and does not access or change the system, but its rkhunter guidance is generic and should not be treated as authoritative.

Install only as a lightweight static reference helper. Do not rely on it for production rkhunter setup, rootkit detection, or security decisions; verify real rkhunter commands and procedures against official documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The script is advertised as an rkhunter reference tool, but every command emits generic placeholder sysops guidance rather than rkhunter-specific content. This is a real integrity and trust problem: operators may rely on the tool for security-sensitive guidance and receive misleading or unusable output, which can cause misconfiguration, missed detection steps, or unsafe operational decisions.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The inline documentation explicitly represents the script as an rkhunter reference tool, but the implemented behavior does not support that claim. In a sysops/security context, deceptive or incorrect documentation increases the chance that users trust the tool for host-based rootkit detection guidance and fail to perform the correct rkhunter tasks.

VirusTotal

66/66 vendors flagged this skill as clean.
