Security audit

Linux Kernel Crash Debug

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Linux kernel crash-debugging skill, though its guidance involves powerful kernel tools and sensitive crash-dump files.

Install only if you intend to perform Linux kernel crash or vmcore analysis. Treat vmcore files as sensitive memory dumps, keep them access-controlled and encrypted where possible, and do not run live-system, kdump, sysrq, debugfs, or raw crash write-capable commands on production hosts unless an experienced operator explicitly approves the action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium, 92% confidence

Finding: This section expands beyond passive vmcore analysis into live-system configuration and write-capable workflows, including enabling debug features, writing to /sys interfaces, and mentioning crash's write-capable kernel modification command. In an agent context, such guidance can cause system state changes, performance degradation, or unsafe kernel mutation if followed automatically on production systems.

Missing User Warnings

Medium, 89% confidence

Finding: The guide presents advanced kernel debugging methods that can materially affect system stability, performance, and behavior, but it does not prominently warn users about production impact before introducing the techniques. In this context, commands involving kernel rebuilds, tracing, sanitizer modules, and debug sysctls could be applied on live systems by less experienced users, leading to outages or misleading diagnostics.

Missing User Warnings

Medium, 84% confidence

Finding: The section documents netdump as a remote crash collection mechanism without warning that vmcore files can contain highly sensitive kernel and process memory, including secrets, credentials, and proprietary data. In a kernel crash-debugging skill, readers may reasonably follow the guidance operationally, so omitting confidentiality and transport protections increases the risk of exposing sensitive memory over an untrusted or weakly protected network path.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.