fn-fpk

Security checks across malware telemetry and agentic risk

Overview

This documentation-only NAS app packaging skill is mostly coherent, but it includes overbroad host-level permission guidance that users should review before use.

Install only if you are comfortable using a skill that helps create NAS apps with root-capable lifecycle scripts, Docker services, CGI proxies, and package installation steps. Before applying its examples, prefer scoped FPK file permissions over adding app users to broad host groups, and manually review any generated shell scripts before running or packaging them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill recommends modifying host-level user/group membership with `sudo usermod -a -G Users <appname>` and restarting a system service to grant broader filesystem access. That expands the application's privileges outside the packaged app permission model and can expose user data or weaken tenant isolation on the NAS.

VirusTotal

65/65 vendors flagged this skill as clean.
