Back to skill

Security audit

Hostname Tool

Security checks across malware telemetry and agentic risk

Overview

This is a small hostname utility with disclosed admin-sensitive behavior and no evidence of hidden data access, persistence, or exfiltration.

Install only if you intend to inspect or manage the local machine hostname. Before running any command that changes the hostname or asks for root privileges, confirm the exact executable being run and that you intentionally want to change the machine's system identity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
89% confidence
Finding
The documentation tells users they can change the system hostname but does not warn that this alters persistent system configuration and may affect network identity, logs, prompts, service discovery, or hostname-dependent services. In an agent context, missing safety guidance can lead to unintended system changes or operational disruption if a user invokes the modification without understanding the consequences.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.