jenkins-fix

Security checks across malware telemetry and agentic risk

Overview

This Jenkins assistant is mostly purpose-aligned, but it can start real CI/CD builds from broad chat prompts without a confirmation step.

Install only if you intend this assistant to operate your Jenkins instance. Use a dedicated least-privilege Jenkins API token, restrict it to safe jobs and branches where possible, require human confirmation before builds or deployments, and fix or remove the DingTalk helper's hardcoded script path before use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill advertises very broad trigger terms such as '构建', 'build', '编译', '打包', '部署', 'Jenkins', 'job', and '项目', which are common in normal developer conversations. This can cause unintended activation of a privileged Jenkins automation skill, potentially listing jobs, triggering builds, or exposing build status and artifact links when the user did not explicitly intend to invoke Jenkins actions.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The script will trigger remote Jenkins builds immediately based on a parsed command, without any confirmation, dry-run, or explicit warning that a state-changing operation is about to occur. In an agent or chat-driven context, this increases the chance of accidental or prompt-influenced job execution, which can consume CI resources, deploy code, or run privileged build steps on internal infrastructure.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal