Preflight Check

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate preflight checker, but it can expose and save cloud credential values while validating the environment.

Review or modify this skill before installing. Replace secret checks with set/unset tests, require explicit approval for connectivity checks, and ensure any saved report contains only redacted status information. If run as-is, avoid real production tokens and delete preflight-report.json afterward.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Low
Confidence: 93%
Finding
The skill goes beyond passive validation by instructing the agent to persist a diagnostic artifact in the project root. Even if the file is intended for convenience, unexpected write behavior can modify the workspace and create a durable record of sensitive environment state.

Context-Inappropriate Capability

Medium
Confidence: 99%
Finding
The skill explicitly checks secrets by echoing credential variables and even truncates some into output, which still discloses secret material. Partial secret exposure can aid token identification, correlation, logging leakage, and accidental persistence in chat transcripts or files.

Missing User Warnings

Low
Confidence: 90%
Finding
The markdown directs the agent to save a report to the project root without an explicit warning that this is a workspace write. This can surprise users, pollute repositories, and preserve diagnostic data longer than intended.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill accesses numerous sensitive environment variables and instructs connectivity checks against external services without a clear privacy warning or consent boundary. In practice, this increases the chance that credentials are exposed in outputs, logs, shell history, or transmitted off-host during validation.

Ssd 3

High
Confidence: 99%
Finding
The workflow semantically requires exposing credential-derived material by echoing environment variables and incorporating results into reports. This creates a direct path for sensitive data disclosure through terminal output, model context, logging systems, and downstream artifacts.

Ssd 3

High
Confidence: 98%
Finding
The reporting flow combines credential checks with structured report generation and file persistence, increasing the chance that sensitive or credential-derived details are stored on disk. Saved artifacts are easier to exfiltrate, commit to source control, or recover later by other tools and users.

VirusTotal

66/66 vendors flagged this skill as clean.
