Back to skill

Security audit

Diskmon

Security checks across malware telemetry and agentic risk

Overview

DiskMon is a local plaintext logbook for disk-related notes, but it should not be relied on for automatic disk monitoring or alerts.

Install only if you want a local plaintext logbook for disk-related observations. Do not rely on it for live disk monitoring, automatic alerts, cleanup, backup, restore, or repair actions, and avoid entering secrets or sensitive infrastructure details unless retention under ~/.local/share/diskmon/ and export files is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill metadata and help text claim real-time disk-space monitoring and low-storage alerting, but the implementation only stores arbitrary user input into local log files and never inspects disk usage. This mismatch is dangerous because operators may rely on it for storage monitoring and fail to detect low-disk conditions, creating a deceptive security/operations gap rather than delivering the promised protection.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The interface exposes high-trust operations such as fix, cleanup, backup, and restore even though the stated skill purpose is simple disk-space monitoring. In this implementation they only log input, but presenting unnecessary privileged-sounding actions expands user trust and can socially prime dangerous future changes or misuse under an apparently safe monitoring tool.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The banner and inline documentation represent the script as a sysops/disk monitoring toolkit, but the code does not perform those operations and instead records arbitrary user-supplied content. Mislabeling operational tooling is risky because it can cause users to disclose sensitive operational data and trust nonexistent monitoring, increasing the chance of missed incidents or accidental data retention.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill persistently stores arbitrary user-provided input in local log files with unified history tracking, but the documentation does not prominently warn users before they may enter sensitive operational details, hostnames, incident notes, or backup metadata. In a security or infrastructure context, this can lead to unintended retention of confidential information on disk, where it may later be exposed through local access, backups, exports, or shared environments.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
These command handlers write arbitrary user-provided input to persistent files under ~/.local/share/diskmon without any consent, warning, retention policy, or sensitivity checks. This is dangerous because users may enter filesystem paths, hostnames, incident notes, or other sensitive operational information expecting transient processing, but the script silently creates a local audit trail that could later be exposed or misused.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The export feature copies all accumulated log contents into new artifacts such as export.json, export.csv, or export.txt with no warning that prior activity data will be replicated. This increases exposure by creating additional copies of potentially sensitive operational input, making accidental sharing or later compromise more likely.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.