Security audit

SDR Project Design

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only SDR planning skill, but some examples could lead users to expose radio devices or record/share sensitive radio traffic without enough safeguards.

Review before installing or following its snippets. Prefer least-privilege USB/device mappings, avoid world-writable SDR device rules when possible, bind SDR network services to localhost or trusted interfaces, use firewall/VPN/authentication for any remote access, and verify local law and privacy obligations before recording, archiving, rebroadcasting, or publishing radio traffic.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium, 88% confidence

The skill description is extremely broad and overlaps with generic research, planning, comparison, and implementation-help requests. In an agent environment, this can cause over-invocation or incorrect routing, letting the skill intercept prompts beyond narrowly scoped SDR project design and potentially influence system behavior or expose unrelated context.

Missing User Warnings

Medium, 89% confidence

The file documents network-accessible SDR sharing mechanisms like rtl_tcp, SoapyRemote, and binding to all interfaces without warning that these services expose live radio sample streams and device control over the network. In an SDR operations context, that can leak captured RF data, permit unauthorized remote use of attached hardware, and broaden attack surface if deployed on untrusted networks.

Missing User Warnings

Medium, 92% confidence

The recipe explicitly recommends an optional public distribution path for scanner traffic without any accompanying warning about legal restrictions, privacy risks, consent, or operational harm. In an SDR/project-planning skill, that omission can normalize unsafe deployment and lead users to publish sensitive or regulated communications in jurisdictions where doing so is illegal or harmful.

Missing User Warnings

Medium, 92% confidence

The document explicitly encourages persistent observability, capture, and offline storage of radio data but does not pair that guidance with any legal, privacy, or data-handling constraints. In an SDR planning skill, this omission can normalize collection and retention of potentially sensitive communications or identifiers, increasing the risk that downstream agents propose unlawful or privacy-invasive deployments.

Missing User Warnings

High, 97% confidence

The public-safety archive/search guidance directly recommends ingest, recording, and searchable playback of trunked radio traffic without any warning about legal restrictions, sensitive content, or privacy harms. Because this section frames archival and indexing as a desirable deployment pattern, it could enable creation of systems that store and expose sensitive emergency or personal communications.

VirusTotal

64/64 vendors flagged this skill as clean.