Back to skill

Security audit

expflow Pipeline HPO

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only MLOps skill for expflow/PDEBench workflows, with disclosed commands that can launch costly training or HPO jobs if the user runs them.

Install this only if you intend to use expflow with ClearML/Optuna for PDEBench-style experiments. Before running commands, check the queue, trial count, parallelism, timeout, and target scripts so you do not unintentionally consume GPU resources or submit the wrong experiment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are broad and map to common ML/MLOps requests such as 'run HPO' and 'fast iterate', which increases the chance the skill is invoked unintentionally in unrelated contexts. Because this skill can orchestrate distributed experiments, training, evaluation, and submission workflows, accidental activation could consume compute resources, launch jobs, or alter experiment state without sufficiently explicit user intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.