Back to skill

Security audit

DeepMiner Skills

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed DeepMiner CLI integration with some sensitive-but-expected data forwarding and background polling behavior users should understand before installing.

Install only if you intend to send selected prompts, uploaded files, and task results to DeepMiner through dm-cli. Avoid including secrets, credentials, regulated data, or private file links unless you are comfortable with DM processing them, and review async task starts because they may consume account resources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Low
Confidence
91% confidence
Finding
The skill requires fetching a 'latest version' from an external website via curl before every use, expanding trust from the DM CLI to an unrelated remote web endpoint. That creates a supply-chain and prompt-injection surface: compromised or manipulated remote content could alter operator behavior, and the skill normalizes mandatory network retrieval outside the declared DM interaction scope.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The script directly emits user-facing messages based on untrusted DM thread output, bypassing the main agent’s review layer. In this skill context, DM is an external system and its responses may contain misleading instructions, phishing content, or unsafe workflow triggers that are forwarded straight to the user.

Vague Triggers

High
Confidence
86% confidence
Finding
The trigger condition is extremely broad, forcing this skill to activate for essentially any DM-related request. Over-broad activation increases the chance that sensitive user content is routed through this workflow unnecessarily, including its verbatim forwarding and external update-check behavior, which enlarges exposure beyond user intent.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill explicitly mandates verbatim relay of all user prompts to DM and verbatim return of all DM outputs, with no filtering, minimization, or sensitivity checks. This creates a direct data-exfiltration path for secrets, personal data, internal instructions, or regulated content whenever the skill is triggered, and the broad trigger conditions make accidental leakage more likely.

Ssd 3

Medium
Confidence
96% confidence
Finding
The polling subagent is instructed to enumerate and reproduce all last_messages and all attachment links verbatim. That can leak complete conversation history, internal tool outputs, and file URLs across session boundaries or back to the user without access checks or need-to-know filtering, especially because the workflow includes automated background notification behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.