Scp Tool

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple user-directed SCP file-transfer wrapper with minor documentation gaps, not hidden or unrelated behavior.

Before installing, confirm you trust the system scp binary and carefully verify source and destination paths. SCP can overwrite files or copy data to the wrong host or directory, and transfers may use your existing SSH keys, SSH agent, or SSH config.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The skill encourages file transfer operations but does not warn that SCP can overwrite existing files or place data in unintended locations if the destination path is wrong. In a deployment, backup, or remote administration context, that omission can lead to accidental data loss or corruption on either the local or remote host, especially because the examples normalize direct copy operations.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal