Terminal Mode

Security checks across malware telemetry and agentic risk

Overview

This terminal-mode skill is not malicious, but it can read and change files through broad terminal-like commands with unclear filesystem boundaries.

Install only if you are comfortable letting the agent act like a terminal over files it can access. Use it in a sandboxed workspace, avoid sensitive directories, and treat rm, mv, chmod, recursive find, and recursive grep as real file operations that may expose or alter data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: High (95% confidence)

Finding
The trigger condition is excessively broad because any user message containing “终端” or “terminal” can activate a high-privilege file-operation mode, even when the user did not clearly intend to enter it. In context, this is especially risky because the skill supports destructive and modifying commands such as rm, mv, cp, chmod, and directory traversal, so accidental activation can quickly lead to unintended file access or changes.

Missing User Warnings

Severity: Medium (89% confidence)

Finding
The skill description advertises broad filesystem browsing and manipulation but does not clearly warn users that it can modify, move, delete, and change permissions on files beyond simple viewing. This increases the chance of unsafe use or informed-consent failure, particularly because the skill presents itself as a convenient terminal simulation while exposing impactful commands that can alter user data.

VirusTotal

No VirusTotal findings