Back to skill

Security audit

Omz

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches Oh My Zsh management, but it also directs persistent shell-startup changes and an unrelated automatic skill-upgrade action without enough user control.

Review carefully before installing. Use it only if you want an agent to edit `.zshrc`, write auto-loaded `$ZSH_CUSTOM/*.zsh` files, and potentially clone third-party zsh plugins. Ask the agent to show exact diffs and plugin repositories before applying changes, and do not allow `/skill-manager upgrade omz` unless you separately requested a skill update.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to perform a self-improvement action by running `/skill-manager upgrade omz` after completing its main task. That behavior is unrelated to Oh My Zsh management and creates an unnecessary secondary execution path that could modify tooling or fetch updated content without clear user authorization, expanding the attack surface beyond the requested shell configuration task.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list is broad enough to activate on many ordinary zsh-related conversations, which can cause the skill to run in situations where the user did not intend shell configuration changes. Overbroad activation increases the chance of unintended file edits or persuasive context injection from unrelated conversations being treated as instructions for this skill.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The description says the skill adds plugins to `.zshrc` and writes `$ZSH_CUSTOM/*.zsh`, but it does not clearly warn that it will modify persistent shell startup files. Without a prominent notice, users may invoke the skill without understanding that it changes login-time execution paths, which can create lasting security and stability consequences.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly instructs writing directly to auto-loaded Oh My Zsh startup files, which creates persistent execution on every new shell session. Even if intended for legitimate customization, this is dangerous because unreviewed or user-influenced content placed in `$ZSH_CUSTOM/*.zsh` will automatically execute and can alter the shell environment, run commands, or introduce persistence without an explicit safety warning.

Session Persistence

Medium
Category
Rogue Agent
Content
# Oh My Zsh Custom Script Authoring

Write `$ZSH_CUSTOM/*.zsh` files based on requirements.

## $ZSH_CUSTOM Path
Confidence
93% confidence
Finding
Write `$ZSH_CUSTOM/*.zsh` files based on requirements. ## $ZSH_CUSTOM Path ```bash echo $ZSH_CUSTOM # default: ~/.oh-my-zsh

Session Persistence

Medium
Category
Rogue Agent
Content
| Key bindings | `keybindings.zsh` | `bindkey '^[[A' history-search-backward` |
| Tool-specific config | `{tool}.zsh` | `docker.zsh`, `k8s.zsh` |

### 3. Write the File

```bash
# Create/modify file
Confidence
95% confidence
Finding
Write the File ```bash # Create/modify file # Write directly to the $ZSH_CUSTOM path ``` ### 4. chezmoi Integration If dotfiles are managed with chezmoi: ```bash # Add a new file chezmoi add $ZSH_

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.