Back to skill

Security audit

Notify Tool

Security checks across malware telemetry and agentic risk

Overview

This desktop notification skill appears purpose-aligned, but crafted notification text can trigger unintended local shell command execution.

Review before installing or using this in automation. It should be fixed to call notify-send with a subprocess argument list instead of a shell string. Until then, only pass trusted notification text and avoid using logs, filenames, user input, or process output as titles or messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

os.system() or os exec-family call

High
Category
Dangerous Code Execution
Content
try:
        # Try notify-send (Linux)
        urgency_map = {'low': 'low', 'normal': 'normal', 'critical': 'critical'}
        os.system(f'notify-send -u {urgency_map.get(urgency, "normal")} "{title}" "{message}"')
    except:
        print(f"[NOTIFICATION] {title}: {message}")
Confidence
98% confidence
Finding
os.system(f'notify-send -u {urgency_map.get(urgency, "normal")} "{title}" "{message}"')

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.