Back to skill

Security audit

wrk

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed wrk load-testing guide with safety warnings, though its randomized IP header examples should only be used in explicitly authorized test environments.

Install only if you need wrk load-testing help. Use it against systems you own or are explicitly authorized to test, start with low traffic, and avoid the randomized IP header examples unless the target team has approved that exact scenario and understands the logging, rate-limit, WAF, and audit impacts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill provides concrete instructions and code to randomize X-Forwarded-For and X-Real-IP headers, which are commonly used for client identity, rate limiting, logging, abuse detection, and access controls. Although framed as load testing, ordinary performance testing does not require spoofing client IP metadata, and this guidance could enable evasion of IP-based defenses or produce misleading audit and observability data even in otherwise authorized environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.