Back to skill

Security audit

Nc Tool

Security checks across malware telemetry and agentic risk

Overview

The skill is a netcat-style networking tool that discloses dual-use scanning, listening, and data-transfer capabilities but does not set clear safety boundaries.

Install only if you need authorized network diagnostics. Use it only on systems and networks you own or have explicit permission to test, avoid broad port ranges, bind listeners narrowly when possible, and do not pass sensitive data through ad hoc network connections.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly enables outbound and inbound network connections, port scanning, and data transfer, but does not warn users about the security, legal, and operational risks of using those capabilities. In an agent context, this can facilitate unintended scanning of third-party systems, data exfiltration, or opening listeners without informed user consent or clear safety boundaries.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.