Security audit

devopsellence

Security checks across malware telemetry and agentic risk

Overview

This is a coherent DevOps skill, but it includes high-impact node cleanup commands that can remove or uninstall deployment infrastructure without explicit confirmation guidance.

Install only if you are comfortable letting an agent operate devopsellence infrastructure. Before any cleanup or node-management action, require the agent to show the target node, environment, and likely impact, then get explicit confirmation before running detach, agent uninstall, node remove, or commands using --yes, provider tokens, SSH keys, or production secrets.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill documents destructive cleanup commands (`agent uninstall`, `node remove --yes`) that can permanently detach and remove deployment infrastructure without requiring an explicit confirmation step in the skill guidance. In an agent-driven workflow, users may approve a general cleanup request without realizing these commands are irreversible, increasing the risk of accidental service disruption or loss of node state.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.