Sed Tool

Security checks across malware telemetry and agentic risk

Overview

This is a small text-editing skill whose file-changing examples are expected for a sed-style tool and are not hidden or automatic.

Before installing, confirm what executable the sed-tool command will run. Use in-place edits only on intended files, test substitutions without in-place mode first, and keep backups for important files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill documentation promotes `-i` in-place editing but does not warn that it directly modifies the target file, which can cause unintended destructive changes if a user applies the command to the wrong file or with an incorrect substitution script. In an agent setting, concise examples are often copied verbatim, so omission of a safety warning increases the likelihood of accidental file corruption or configuration damage.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal