Back to skill

Security audit

Starlink

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate Starlink management helper, but it needs review because it can expose local device/location data and interrupt service without clear confirmation guardrails.

Install only if you intend to let an agent manage your Starlink equipment. Before using it, verify the CLI source repository, require explicit approval before showing clients or location, and require approval before rebooting or stowing/unstowing the dish.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description includes broad trigger language like internet status, connected devices, and satellite connectivity, which can match common networking-help requests and cause the skill to activate outside narrowly intended Starlink tasks. Because this skill can expose client lists, GPS location, and perform disruptive actions like reboot or stow, over-broad invocation increases the chance of privacy-impacting or integrity-impacting actions in the wrong context.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation presents sensitive and disruptive commands such as listing WiFi clients, obtaining GPS coordinates, rebooting the dish, and stowing/unstowing hardware without user-facing warnings or confirmation guidance. In this context, these operations can reveal private household/device information and interrupt connectivity or physically alter device state, making accidental or over-broad execution materially harmful.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.