
Security audit

VPS Command Runner

Security checks across malware telemetry and agentic risk

Overview

This skill openly manages VPS servers, but it gives broad remote command power while encouraging weak SSH credential and host-verification practices.

Install only if you intentionally want agent-assisted administration of your own VPS fleet. Before use, replace password-based sshpass flows with least-privilege SSH keys or a secure secret source, keep host key verification enabled, store host inventory outside the shared skill, test commands on one host first, and require explicit approval before commands that change services, containers, files, users, firewall rules, or deployments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

High
Confidence: 96%
Finding
The documentation explicitly promotes executing arbitrary commands and deploying updates across all VPS, yet it provides no strong warning, guardrails, approval step, or limitation on destructive operations. In a fleet-management context, this greatly amplifies the blast radius of mistakes, prompt injection, or misuse, allowing a single unsafe command to disrupt multiple servers or services at once.

Missing User Warnings

Medium
Confidence: 95%
Finding
This script executes an arbitrary user-supplied command across every configured VPS with no confirmation, allowlist, or guardrails, so a single mistake or maliciously chosen command can cause fleet-wide damage. In the context of a multi-host administration skill, the blast radius is much larger than a normal local shell wrapper because destructive actions are replicated across all servers.

Missing User Warnings

Medium
Confidence: 99%
Finding
The script stores SSH credentials directly in plaintext variables and passes the password to sshpass, exposing secrets to source control leaks, local file disclosure, shell history/process inspection, and accidental sharing. This becomes more dangerous in a VPS-management skill because the same credential may grant administrative access to multiple servers, amplifying compromise across the environment.

Missing User Warnings

Medium
Confidence: 99%
Finding
The script hardcodes a username/password workflow and uses sshpass with StrictHostKeyChecking disabled, which exposes credentials and makes man-in-the-middle attacks easier. It also enables arbitrary remote command execution on a target host with minimal safety controls, so misuse, credential theft, or accidental destructive commands could impact production systems.

Missing User Warnings

Medium
Confidence: 98%
Finding
The script authenticates with `sshpass` using a plaintext password and also disables SSH host key verification with `StrictHostKeyChecking=no`. This combination exposes credentials to interception and makes man-in-the-middle attacks much easier, which is especially risky in a tool intended to connect to multiple VPS hosts and potentially internal infrastructure.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script stores and uses credentials in shell variables (`USER` and especially `PASS`) directly in the script, encouraging operators to hardcode secrets in a file. In practice this can leak passwords through source control, backups, file permissions, process inspection, or accidental sharing of the skill, creating reusable credential exposure across all managed servers.

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.