Back to skill

Security audit

NeuralDebug

Security checks across malware telemetry and agentic risk

Overview

NeuralDebug has a legitimate debugging purpose, but it gives agents powerful debugger, TCP server, custom code execution, and persistent model-modification workflows that need careful review before use.

Install only after reviewing or pinning the DeepRhapsody repository commit. Run the server locally, do not expose its port, use it only on programs and models you are allowed to inspect or modify, avoid attach/write_memory on production processes, run exec_analysis only from trusted code, and remember that fine-tuning writes persistent model files that may auto-load later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The documentation advertises `exec_analysis` as accepting arbitrary inline code or code from a file while simultaneously asserting it is 'sandboxed' with no filesystem or network access. That is a dangerous security claim unless the sandbox is real, robust, and clearly specified; otherwise users may trust and run untrusted analysis code that can achieve arbitrary code execution or escape via the Python/PyTorch runtime.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The reference shows users how to execute custom analysis code inline and from files but does not present a prominent warning that this is code execution and must only be used with trusted input. In a debugging tool for AI agents, this omission increases the chance that an agent or operator will run attacker-supplied analysis snippets under the mistaken belief that they are safe.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The documentation states that fine-tuned models are auto-saved to disk and persist across restarts, but it does not clearly warn users that invoking fine-tuning will create persistent local artifacts. In an agent/tooling context, undocumented persistence can surprise users, consume substantial disk space, and retain sensitive or proprietary training data longer than intended.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The reset instructions recommend a recursive delete command without any adjacent warning about destructive file deletion or guidance to verify the path before running it. In agent-assisted environments, shell snippets may be copied or executed mechanically, so presenting `rm -rf` casually increases the risk of accidental data loss if the path is edited, expanded unexpectedly, or generalized.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.