Security audit

Pans Gpu Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate local GPU reporting tool, but its import command can write sensitive customer data to the default database even when a user chooses another database path.

Review or fix the --db import behavior before using this with real customer data. Until then, avoid importing confidential or client-specific datasets, back up the default metrics file, and minimize or anonymize customer identifiers where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium, 96% confidence
Finding
The import path handling is inconsistent: `main()` parses a user-supplied `--db` path, but `cmd_import()` calls `load_db()` and `save_db()` without passing that path, so imports always modify the default database under the skill directory. This can cause users to believe data was imported into an alternate database when it was actually written elsewhere, leading to silent data corruption, cross-client data mixing, or accidental writes to a shared default datastore.

Missing User Warnings

Medium, 89% confidence
Finding
The skill explicitly collects customer names, GPU usage, costs, utilization, failure counts, and business-risk signals, which are potentially sensitive operational and commercial data. Without a user-facing warning, data-classification guidance, or handling limits, operators may paste confidential customer information into an environment that is not approved for such data, leading to privacy, contractual, or business confidentiality exposure.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.