Nomad

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, read-only Nomad troubleshooting command reference, though some queries can display sensitive cluster data.

Install only if you want an assistant to query your configured Nomad cluster. Use a least-privilege read-only Nomad ACL token where possible, verify NOMAD_ADDR, namespace, and region before use, and avoid retrieving or sharing allocation logs or Nomad variables unless you are prepared to redact secrets.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill is described as read-only and focused on troubleshooting, but it includes commands that can expose sensitive data, especially `nomad alloc logs` and `nomad var get`. Allocation logs often contain application secrets, tokens, credentials, or personal data, and Nomad variables may directly store sensitive configuration or secret material. Omitting any warning about this can cause users or downstream agents to retrieve and display sensitive information without appropriate caution.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal