
Security audit

Perf Profiler

Security checks across malware telemetry and agentic risk

Overview

The skill has a legitimate Linux performance-troubleshooting purpose, but it should be reviewed because it includes broad root-level tracing, kernel/user memory inspection, network trace sharing, and shell-command execution hooks without enough safety guardrails.

Install only if you are comfortable with a skill that may guide an agent to run root-level Linux tracing and host-modifying setup commands. If you do install it:
  • Use it only on systems you are authorized to trace, preferably in a test environment or a maintenance window.
  • Pin and verify any source you build rather than cloning and compiling whatever the network returns at that moment.
  • Scope captures to specific PIDs or CPUs and to short durations.
  • Avoid the documented system() expression function unless you fully trust every value that can reach the expression.
  • Do not expose trace listeners on public interfaces.
  • Treat captured stacks, paths, syscall data, and memory-derived values as sensitive.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (15)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The skill includes commands to clone source code, install packages with yum, and compile software on the host. Even though it says to ask for user confirmation first, this materially expands the skill from passive diagnostics into host modification and supply-chain exposure, which can change system state, pull unpinned code from the network, and increase risk on production machines.
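A pin-and-verify step for the clone/install/compile path, as an added example; this is not the skill's own code, and the download URL and the zeroed digest in the demo branch are placeholders to replace with the real release artifact and its published hash:

```shell
#!/bin/sh
# Added example (not the skill's code): verify a source artifact against a
# pinned SHA-256 before building it, instead of compiling whatever the network
# returns today. The URL and digest in the demo branch are placeholders.

# Print the SHA-256 of a file using sha256sum (coreutils) or shasum (macOS/BSD).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_pinned FILE EXPECTED_SHA256 -> 0 when the digest matches, 1 otherwise.
# Comparison is case-insensitive so a hash pasted in upper case still matches;
# a missing file yields an empty digest and therefore fails.
verify_pinned() {
  actual=$(sha256_of "$1" 2>/dev/null) || return 1
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# build_pinned_tarball TARBALL EXPECTED_SHA256 BUILD_DIR
# Unpacks into BUILD_DIR only after the artifact matches the pin.
build_pinned_tarball() {
  if ! verify_pinned "$1" "$2"; then
    echo "refusing to build $1: SHA-256 does not match the pinned value" >&2
    return 1
  fi
  mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# Demo branch (needs network; not run when the file is sourced for tests).
if [ "${1:-}" = "--demo" ]; then
  # Placeholder URL and digest: substitute the real release artifact and hash.
  curl -fsSL -o /tmp/profiler-src.tar.gz "https://example.invalid/profiler-src.tar.gz"
  build_pinned_tarball /tmp/profiler-src.tar.gz \
    "0000000000000000000000000000000000000000000000000000000000000000" /tmp/profiler-build
fi
```

The point of the guard is ordering: the hash is checked before anything is unpacked or compiled, and the yum/compile step the skill describes would run only on the verified tree.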

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding
Documenting kcore as a normal analyzer exposes a capability to read kernel virtual memory, which can reveal highly sensitive data and bypass ordinary application-level boundaries. In a diagnostic skill this is more dangerous because operators may treat it as routine troubleshooting guidance, despite the elevated privileges and confidentiality risks involved.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The skill instructs users to manually create kprobes and uprobes via tracing control files, which enables arbitrary runtime instrumentation of kernel and user-space code. This goes beyond ordinary observation and can affect stability, expose sensitive arguments/data, and create a powerful mechanism that could be misused for stealthy inspection of processes or kernel behavior.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
The documented expression language includes a built-in `system(const char *format, ...)` function that formats and executes shell commands. In a profiling tool, expression inputs may be user-supplied or derived from event fields, so this creates a direct command-execution primitive that can lead to arbitrary code execution, privilege misuse, or command injection if untrusted data is incorporated.

Context-Inappropriate Capability

Severity: Medium
Confidence: 84%
Finding
The documentation advertises push/pull network transmission and listening behavior in a performance tool without explaining authentication, encryption, bind-scope restrictions, or exposure risks. Because trace events may contain process names, paths, syscall details, stack traces, or other sensitive telemetry, users could unknowingly expose internal data or open a listener on an unsafe interface.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The documentation advertises `system()` as a normal expression function but provides no warning that it executes shell commands or that formatted arguments can become dangerous when influenced by user input or event data. This omission increases the likelihood of unsafe use, especially because the surrounding skill is for diagnostics and users may reasonably expect expressions to be limited to analysis logic rather than shell execution.
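The injection mechanics behind both `system()` findings, as an added shell example rather than code from the skill or the profiler. The profiler's expression language is not reproduced here; `sh -c` on a formatted string stands in for `system(fmt, ...)`, the event-derived field is a constructed process name (`comm`), and the hardened form sits beside the vulnerable one:

```shell
#!/bin/sh
# Added example (not the skill's or the profiler's code): what a formatted
# system() call does when an event field reaches the shell, and the checks
# that stop it from becoming command execution. The "event field" is a
# constructed comm value; the printf is a stand-in for whatever the expression runs.

# Vulnerable pattern: the field is pasted into a command string and handed to a
# shell, which is exactly what a printf-style system(fmt, ...) does.
inspect_unsafe() { # inspect_unsafe COMM
  sh -c "printf 'inspect %s\n' /proc/$1"
}

# Allowlist for a field that should only ever be a plain task name: non-empty,
# no option-looking leading dash, only [A-Za-z0-9._-], and at most 15 bytes
# (TASK_COMM_LEN is 16 including the NUL). Anything else is rejected.
field_is_safe() {
  case "$1" in
    ''|-*) return 1 ;;
    *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  [ "${#1}" -le 15 ]
}

# Hardened pattern: validate first, then run the command directly with the
# field as one argument. No shell parses it, so metacharacters stay inert even
# if the allowlist is later relaxed.
inspect_safe() { # inspect_safe COMM -> returns 1 on a rejected field
  field_is_safe "$1" || { echo "rejected field: $1" >&2; return 1; }
  printf 'inspect %s\n' "/proc/$1"
}

if [ "${1:-}" = "--demo" ]; then
  comm='x;echo INJECTED'   # constructed hostile comm; prctl(PR_SET_NAME) permits it
  inspect_unsafe "$comm"   # prints "inspect /proc/x" and then "INJECTED"
  inspect_safe "$comm"     # refuses and prints "rejected field" on stderr
fi
```

A process can set its own comm to almost any 15 bytes, so any expression that formats a comm, a path or a filename into `system()` is attacker-influenced by definition; the fix is to keep the shell out of the path entirely, with validation as a second layer.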

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The examples instruct users to write directly to /sys/kernel/debug/tracing control files, enabling and modifying live kernel tracing state. In a performance-analysis skill this is expected functionality, but without explicit warnings about root privileges, debugfs/tracefs access, tracing state that persists after the session until it is explicitly reset, and possible system impact or data exposure, users may run high-risk commands on production systems without understanding the consequences.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The command that truncates kprobe_events (a plain `>` redirection into the file) removes every configured probe on the host, not only the ones this skill created. It is a destructive global operation: in shared or production environments it can disrupt concurrent diagnostics, remove other users' probes, and make an incident or performance investigation lose visibility without warning.
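The scoped alternative to the global clear, covering the kprobe/uprobe instrumentation finding, the tracefs-write finding and this truncation finding; this is an added example, not the skill's code. It assumes tracefs at the skill's `/sys/kernel/debug/tracing` path (newer kernels also mount it at `/sys/kernel/tracing`), uses a private group name `perfaudit` so the skill's probes can be told apart from anyone else's, and the demo branch assumes a kernel that exports `do_sys_openat2` and supports `$argN` fetch arguments:

```shell
#!/bin/sh
# Added example (not the skill's code): manage kprobes through tracefs without
# the global clear. TRACEFS can be pointed at a scratch directory for a dry run;
# the real path needs root. The default matches the skill's examples.
TRACEFS="${TRACEFS:-/sys/kernel/debug/tracing}"
GROUP="${KPROBE_GROUP:-perfaudit}"   # private group: we only ever touch our own probes

# kprobe_add EVENT SYMBOL [FETCHARGS...]
# Appending with '>>' adds one probe; a single '>' would replace every probe on the host.
kprobe_add() {
  ev="$1"; sym="$2"; shift 2
  line="p:$GROUP/$ev $sym"
  [ $# -gt 0 ] && line="$line $*"
  printf '%s\n' "$line" >> "$TRACEFS/kprobe_events"
}

# Enable or disable only our event, not the whole kprobes subsystem.
kprobe_enable()  { echo 1 > "$TRACEFS/events/$GROUP/$1/enable"; }
kprobe_disable() { echo 0 > "$TRACEFS/events/$GROUP/$1/enable"; }

# kprobe_remove EVENT: disable first (the kernel refuses to delete an enabled
# probe with EBUSY), then delete it by name. This never truncates kprobe_events.
kprobe_remove() {
  [ -f "$TRACEFS/events/$GROUP/$1/enable" ] && kprobe_disable "$1"
  printf '%s:%s/%s\n' '-' "$GROUP" "$1" >> "$TRACEFS/kprobe_events"
}

# Count probes that belong to other groups: these are what `echo > kprobe_events` destroys.
kprobe_foreign_count() {
  [ -f "$TRACEFS/kprobe_events" ] || { echo 0; return 0; }
  grep -vc "^[pr]:$GROUP/" "$TRACEFS/kprobe_events" || true
}

# The global clear, gated: refuse when anyone else's probes are configured.
kprobe_clear_all_guarded() {
  n=$(kprobe_foreign_count)
  if [ "$n" -gt 0 ]; then
    echo "refusing global clear: $n probe(s) from other groups are configured" >&2
    return 1
  fi
  : > "$TRACEFS/kprobe_events"
}

# Demo branch (needs root and a matching kernel; not run when sourced for tests).
if [ "${1:-}" = "--demo" ]; then
  kprobe_add openat do_sys_openat2 '$arg2:string'   # assumes do_sys_openat2 and $argN support
  kprobe_enable openat
  sleep 2
  head -n 20 "$TRACEFS/trace"
  kprobe_remove openat
fi
```

Because every probe carries the `perfaudit/` prefix, cleanup after a session is a loop over `grep "^p:perfaudit/" kprobe_events` calling `kprobe_remove`, and probes created by `perf probe` (group `probe`) or by other operators survive it.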

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The document instructs users to read kernel instruction bytes via kcore and trace memory accesses, but it does not clearly warn that this can expose sensitive kernel-state information, require elevated privileges, and destabilize or degrade a production system if used on hot paths. In a performance-analysis skill, these capabilities are legitimate, but the lack of explicit safety guidance increases the risk of accidental misuse rather than indicating malicious intent.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The document explicitly states that kmemleak tracing requires root privileges and can trace kernel/user memory allocation activity, but it does not provide a clear warning about operational risk, overhead, or exposure of sensitive process/kernel metadata. In a security-sensitive environment, encouraging privileged tracing without caution can lead to unintended disruption, collection of sensitive call stacks, or unsafe use on production systems.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The documentation explicitly requires root privileges and recommends capturing kernel, user, and Python call stacks, but it does not warn that these operations can impose measurable system overhead and may expose sensitive execution context such as process names, code paths, memory allocation behavior, and potentially symbolized application internals. In a production troubleshooting skill, omission of these safety notes can lead operators to run invasive tracing on live systems without understanding performance, privacy, or data-handling risks.

Missing User Warnings

Severity: Low
Confidence: 93%
Finding
The documentation explicitly states that the tool requires root privileges or CAP_PERFMON, but it does not warn that these permissions provide powerful system-observability capabilities and can expose sensitive process, kernel, and workload information. In this skill’s context, the feature is legitimate for low-level Linux performance analysis, but the omission can still lead users to run the tool with elevated privileges without understanding the security and privacy implications.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The document instructs users to run task-state with CAP_SYS_ADMIN/root and optionally use ptrace-based thread tracing, but it mentions only the pause impact on the target and the capability requirements; it does not clearly warn about the security, privacy, and system-stability implications. In practice, these options can expose process metadata and call stacks and increase operational risk on production systems, especially in multi-tenant or sensitive environments.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The document explicitly requires root or CAP_SYS_ADMIN to run live tracing, but it does not warn that these privileges and the captured event streams can expose sensitive process names, command activity, kernel behavior, and potentially destabilize production systems if misused. In a performance-tracing skill, omission of safety guidance is meaningful because users may run the examples on live hosts without understanding operational and privacy consequences.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The examples show network transmission of trace events to 192.168.1.100:8888 and listening on 0.0.0.0:8888, but provide no warning about confidentiality or exposure. In this skill context, the tool runs with elevated privileges and can capture detailed system activity, so transmitting or exposing that data over the network can leak sensitive operational and security information.
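A check for the wildcard bind that both network findings describe, as an added example that is not part of the skill or the audit tooling. It parses `ss -ltn` output; the sample lines are constructed, and 8888 is the port from the skill's examples:

```shell
#!/bin/sh
# Added example (not the skill's code): flag trace listeners bound to every
# interface. Reads `ss -ltn`-style lines; the sample below is constructed.

# exposed_listeners [PORT]
# Reads `ss -ltn` output on stdin and prints the local address of each LISTEN
# socket bound to 0.0.0.0, [::] or *, optionally limited to one PORT.
exposed_listeners() {
  awk -v port="${1:-}" '
    $1 == "LISTEN" {
      addr = $4
      p = addr; sub(/.*:/, "", p)                 # port is after the last colon
      if (port != "" && p != port) next
      if (addr ~ /^(0\.0\.0\.0|\[::\]|\*):[0-9]+$/) print addr
    }'
}

# Wrapper for a live host; prints nothing when every listener is scoped.
audit_live_listeners() { ss -ltn 2>/dev/null | exposed_listeners "$@"; }

# Constructed sample in the format ss prints: two of the four are wildcard binds.
SAMPLE_SS='State   Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN  0      128    0.0.0.0:8888       0.0.0.0:*
LISTEN  0      128    127.0.0.1:8889     0.0.0.0:*
LISTEN  0      128    [::]:8888          [::]:*
LISTEN  0      128    [::1]:22           [::]:*'

if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SAMPLE_SS" | exposed_listeners 8888   # prints 0.0.0.0:8888 and [::]:8888
fi
```

Run `audit_live_listeners 8888` on the profiling host after starting the listener; any output means the trace stream is reachable from every interface. Binding to 127.0.0.1 and forwarding the port over SSH (`ssh -L 8888:127.0.0.1:8888 host`) keeps the stream off the network; the tool's own bind options are not documented on this page, so confirm them before relying on this.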

VirusTotal

VirusTotal findings are pending for this skill version.


Static analysis

No suspicious patterns detected.