Thread Dump Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a focused diagnostic skill for analyzing thread and goroutine dumps, with real but expected sensitivity around collecting live runtime dumps.

Install is reasonable for debugging concurrency incidents. When using it, prefer analyzing dumps the user has already collected and sanitized; if collecting live dumps, confirm the exact process, avoid public pprof exposure, and share dump files only through approved private channels.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill's use conditions are triggered by broad natural-language incident descriptions like 'application is hanging' or 'application not responding,' which can cause the agent to invoke this skill in situations where thread-dump collection is unnecessary or unsafe. Because the skill includes commands that inspect live processes and emit internal stack traces, overbroad activation increases the chance of collecting sensitive runtime data from the wrong target or in the wrong context.

Context Leakage

High

Category: Data Exfiltration
Content: ### 1. `analyze` — Parse and Diagnose Thread Dump #### Step 1: Capture Thread Dump **JVM (Java/Kotlin/Scala):** ```bash
Confidence: 96% confidence
Finding: Capture Thread

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal