CitrineOS Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent CitrineOS administration helper, but users should review commands and confirm any real charging-station action before running it.

Install only if you intend to administer CitrineOS or an OCPP EV-charging environment. Review Docker, npm, sudo, and cloud firewall commands before running them; prefer pinned releases for production; and explicitly confirm the target server and station before start, reset, or other mutating API actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list contains broad phrases such as "install system," "charging," and "charging station," which can cause the skill to activate for unrelated requests. In an agent with shell/http/filesystem tools, unintended activation increases the chance the agent will run diagnostics or infrastructure-related commands in the wrong context.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal