server-log-analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a local server log analyzer whose code matches its stated purpose, with a minor caution that broad trigger words could activate it unexpectedly.

Install if you want local log-file troubleshooting. Use explicit prompts and provide only the log files you intend to analyze. Avoid feeding logs containing secrets, tokens, personal data, or confidential production details unless you are comfortable with those details appearing in the terminal or agent transcript.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list includes broad phrases like 'debug', 'exception', and 'check errors' that may appear in many unrelated conversations. This can cause unintended invocation of the skill, potentially exposing log contents or steering the agent into file-processing behavior when the user did not intend to activate this capability.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal