wesley dashboard builder

Security checks across malware telemetry and agentic risk

Overview

This dashboard skill is mostly coherent, but it includes live VPS, Docker, public tunnel, Telegram, and persistence instructions that need careful review before use.

Install only if you control the Wesley infrastructure and intend to let an agent help with deployment. Replace hard-coded hosts and domains, avoid root access, require explicit approval before SSH/Docker/Cloudflare/Telegram actions, restrict CORS to known origins, add authentication for non-public data, and avoid sharing live portfolio or signal data unless it is intentionally public.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
The guide instructs users to SSH as root to a public VPS and perform direct container file operations, which grants far broader infrastructure control than a dashboard-building skill requires. In the context of an agent skill, embedding root-level operational runbooks increases the chance of unauthorized deployment, accidental system modification, or privilege misuse if the skill is invoked inappropriately.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
Editing host docker-compose configuration and restarting containers gives the skill effective control over host service exposure and application lifecycle, which exceeds its stated purpose of building dashboards. This broadens the blast radius from webpage generation to infrastructure reconfiguration, making accidental downtime or unsafe exposure of services more likely.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The instructions create public Cloudflare tunnels, persistent ingress, and DNS mappings, adding external network publication capabilities that are not necessary for merely generating dashboard files. In this skill context, that is especially risky because it can expose internal services to the internet without authentication, review, or environment-specific safeguards.

Context-Inappropriate Capability

Severity: Low
Confidence: 92%
Finding:
The guide recommends enabling CORS for all origins with `origins=['*']`, which permits any website to issue browser requests to the API. If the API ever exposes sensitive portfolio, signal, or account-linked data, this configuration makes cross-origin data access and abuse significantly easier.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding:
The skill includes concrete commands to copy files to a remote VPS as root and execute a Dockerized Python service. That goes beyond passive dashboard generation and materially enables direct infrastructure modification, which is risky in an agent context because the agent could perform deployment actions on a live host without an explicit, step-by-step user confirmation gate.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The document explicitly walks users through exposing the dashboard and API publicly via Cloudflare tunnels and then sharing the resulting URL, but it does not mention authentication, authorization, privacy review, or limiting public data. In a dashboard skill that may display live performance or signals, public exposure materially increases the risk of leaking sensitive operational or financial information.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding:
The trigger criteria are very broad and mandatory, causing the skill to activate for many generic web/dashboard-related requests involving Wesley. Over-broad activation can route unrelated tasks into a skill that has network access, credential use, and deployment guidance, increasing the chance of unnecessary sensitive actions or data handling.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The skill declares use of TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, Telegram API access, and media upload behavior without prominent privacy and consent safeguards. In practice, this can lead to external transmission of photos or metadata and use of sensitive credentials without the user fully understanding what leaves the local environment.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The deployment section provides direct SCP, Docker exec, health-check, and public tunnel guidance targeting a live VPS, but does not require explicit acknowledgement that these commands change a production-like environment. In an agent workflow, such instructions can normalize high-impact remote actions and make accidental live modification more likely.

VirusTotal

65/65 vendors flagged this skill as clean.