Rose Docker Build

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward Docker-based ROSE compiler build helper, with normal build-time dependency downloads and no evidence of hidden data access or persistence.

Install only if you are comfortable building a Docker image that downloads dependencies from external project repositories. For stronger supply-chain hygiene, review the Dockerfile first and consider pinning repository keys, package versions, and downloaded binaries before using it in a sensitive environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Chaining Abuse

Low

Category: Tool Misuse
Content: RUN wget -O - https://apt.kitware.com/keys/kitware-archive-latest.asc 2>/dev/null | apt-key add - \ && echo 'deb https://apt.kitware.com/ubuntu/ focal main' > /etc/apt/sources.list.d/kitware.list \ && apt-get update && apt-get install -y cmake \ && rm -rf /var/lib/apt/lists/* RUN useradd -m -s /bin/bash developer RUN mkdir -p /rose/src /rose/build /rose/install && chown -R developer:developer /rose
Confidence: 82% confidence
Finding: && rm -

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal