Sysinfo Tool

Security checks across malware telemetry and agentic risk

Overview

This is a local system information tool whose behavior matches its diagnostic purpose, but its output can expose host and process details that should be reviewed before sharing.

Install only if you want local diagnostic reporting. Review and redact output before sharing it, especially hostnames, network interface data, disk layout, usernames, and process command lines, because command lines can sometimes contain tokens or internal paths.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The skill enumerates running processes and exposes command lines, usernames, CPU, and memory usage for other processes. In many environments, process command lines may contain secrets, internal paths, tokens, or sensitive operational details, so this expands disclosure beyond basic 'system info' and may violate least-privilege expectations.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The tool outputs detailed host information including hostname, OS version, architecture, uptime, network interface statistics, disk layout, and potentially process data without any warning or access control. This information can materially aid reconnaissance, fingerprinting, and follow-on attacks if exposed to untrusted users or logs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal