Back to skill

Security audit

System Doctor

Security checks across malware telemetry and agentic risk

Overview

This is a local system health diagnostic skill, with one under-documented DNS lookup that users should know about before running it.

Install only if you are comfortable running local system inspection commands on the target machine. Treat terminal, JSON, and HTML reports as sensitive because they may reveal hostnames, IP addresses, routes, filesystems, running services, and logged-in user information. In air-gapped or no-egress environments, avoid the default network check or edit it first because it performs a DNS lookup for google.com.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# DNS resolution test
    try:
        start = time.time()
        result = subprocess.run(
            ["getent", "hosts", "google.com"],
            capture_output=True, text=True, timeout=5
        )
Confidence
90% confidence
Finding
result = subprocess.run( ["getent", "hosts", "google.com"], capture_output=True, text=True, timeout=5 )

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill invokes shell commands (`df`, `free`, `ip`, `systemctl`) and can write HTML output files, but it does not declare permissions for those capabilities. This creates a trust and enforcement gap: users or hosting frameworks may assume the skill is read-only when it can execute local commands and create files, which increases risk if the implementation is modified, abused with unsafe argument handling, or run in sensitive environments.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
This code performs an external DNS lookup for `google.com`, which exceeds a purely local system-health check and introduces outbound network behavior. In sensitive environments this can leak host activity, depend on third-party infrastructure, and violate least-surprise or no-egress policies.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.