Reolink Remote Backup

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it needs review because it asks users to run privileged setup scripts that open network services and install ongoing sync/deletion jobs with limited guardrails.

Install only if you are comfortable reconfiguring a dedicated VPS and local machine. Review each script before running it, keep the default /srv/reolink path unless you add path validation, use a numeric retention window, restrict firewall access where practical, keep FTPS enabled except for tightly controlled debugging, and know how to disable the systemd timer and remove the cron retention job.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill instructs the operator to run setup scripts on a VPS as root and to install services, open firewall ports, create users, and write persistent systemd units without any explicit warning or review step. This is dangerous because it encourages blind execution of privileged scripts that can permanently change system configuration, widen network exposure, or introduce insecure defaults if the scripts are flawed or tampered with.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal