Back to skill

Security audit

DNS & Networking

Security checks across malware telemetry and agentic risk

Overview

This is a coherent networking troubleshooting skill, but it includes ready-to-run privileged firewall and proxy configuration changes that deserve user review before installation.

Install only if you want an agent to have networking troubleshooting reference commands, and review before allowing it to run privileged or persistent examples. In particular, do not automatically run firewall allow/deny/reset, iptables-save, global proxy configuration, /etc/hosts changes, certificate-bypass commands, or inline proxy credential examples on production or remote systems without explicit approval and a rollback plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (14)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill is presented as a diagnostics aid, but this section includes system reconfiguration actions such as changing firewall policy, enabling/disabling firewall behavior, and setting proxy/tool configuration. That scope expansion is risky because an agent or user may treat the skill as read-only troubleshooting guidance while actually applying persistent network-access changes that can expose services or break connectivity.

Description-Behavior Mismatch

Low
Confidence
84% confidence
Finding
The documented behavior goes beyond simple inspection of DNS state and includes privileged cache-flushing operations that modify system behavior. While common in troubleshooting, these actions are not clearly distinguished from safe read-only checks, which increases the chance of unintended system changes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The firewall examples include commands to allow, deny, enable, and reset rules without warnings about lockout, service interruption, or persistence effects. In a troubleshooting context, copying these commands blindly can accidentally expose services or sever remote administrative access.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The proxy examples place credentials directly in environment variables, which can leak through shell history, process listings, logs, CI output, or inherited environments. This creates unnecessary credential exposure risk, especially on shared systems or automated runners.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# Flush DNS cache
# macOS:
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
# Linux (systemd-resolved):
sudo systemd-resolve --flush-caches
# Windows:
Confidence
78% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# Flush DNS cache
# macOS:
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
# Linux (systemd-resolved):
sudo systemd-resolve --flush-caches
# Windows:
Confidence
78% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# macOS:
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
# Linux (systemd-resolved):
sudo systemd-resolve --flush-caches
# Windows:
ipconfig /flushdns
Confidence
77% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Allow incoming from specific IP
sudo iptables -A INPUT -s 203.0.113.0/24 -p tcp --dport 22 -j ACCEPT

# Block incoming on a port
sudo iptables -A INPUT -p tcp --dport 3306 -j DROP
Confidence
95% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
sudo iptables -A INPUT -s 203.0.113.0/24 -p tcp --dport 22 -j ACCEPT

# Block incoming on a port
sudo iptables -A INPUT -p tcp --dport 3306 -j DROP

# Save rules (persist across reboot)
sudo iptables-save > /etc/iptables/rules.v4
Confidence
95% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
sudo ufw enable

# Allow/deny
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow from 203.0.113.0/24 to any port 22
sudo ufw deny 3306
Confidence
94% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# Allow/deny
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow from 203.0.113.0/24 to any port 22
sudo ufw deny 3306
Confidence
94% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# Allow/deny
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow from 203.0.113.0/24 to any port 22
sudo ufw deny 3306

# Check status
Confidence
94% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow from 203.0.113.0/24 to any port 22
sudo ufw deny 3306

# Check status
sudo ufw status verbose
Confidence
92% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
sudo ufw deny 3306

# Check status
sudo ufw status verbose

# Reset all rules
sudo ufw reset
Confidence
97% confidence
Finding
sudo

VirusTotal

32/32 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.