Back to skill

Security audit

Whoami Tool Check

Security checks across malware telemetry and agentic risk

Overview

The skill is a small local identity-audit helper whose behavior is disclosed and limited to printing account information, with no evidence of persistence, exfiltration, or destructive actions.

Install only if you want an agent to inspect local account identity and privilege context. Run it in trusted sessions and avoid sharing raw audit output publicly, since usernames, groups, home paths, shells, and sudo status can expose useful reconnaissance details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The implementation does not match the security-sensitive behavior described in the skill metadata. Instead of validating roles, checking sudo access, or auditing capabilities, it only prints the current username, which can mislead downstream users or agents into believing an access audit was performed when it was not. The fallback to the USER environment variable can also report attacker-controlled or inaccurate identity information if pwd lookup fails.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill offers audit modes that enumerate uid, gid, groups, shell, home directory, sudo availability, and existence/details of other users, but it does not warn that this may disclose sensitive account and privilege information. In shared terminals, CI logs, or agent transcripts, that output can leak reconnaissance data useful for lateral movement or privilege-escalation planning.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.