Back to skill

Security audit

huawei-cloud-msot-msopprof-operator-profiler

Security checks across malware telemetry and agentic risk

Overview

This profiling skill is mostly coherent, but its troubleshooting documentation includes unsafe system-permission commands that users should review before installing.

Install only if you need Ascend/msopprof operator profiling, and review commands before running them. Avoid disabling SELinux or using chmod 777 on shared or production systems; prefer a user-owned output directory with restrictive permissions and confirm where profiling artifacts will be stored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger list includes broad terms such as "profiler," "Ascend," "NPU," and generic performance-related phrases that can match requests unrelated to this specific skill. Over-broad activation can cause the agent to invoke a skill that runs profiling-oriented commands in the wrong context, increasing the chance of unnecessary data collection or misuse of local tooling.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The skill documents exporting profiling data to an output path and profiling database, but the user-facing description does not clearly warn that profiling artifacts may contain sensitive operational or model-related metadata and will be persisted. This omission can lead users to invoke the skill without informed consent about where collected data is stored or later analyzed.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The troubleshooting guidance advises `setenforce 0` to temporarily disable SELinux in order to work around a permission problem, without any warning about the security impact or safer alternatives. Disabling SELinux weakens host protections system-wide and can expose unrelated processes and data, which is especially risky in operational environments where users may copy-paste commands verbatim.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The guide recommends `chmod 777 /tmp/profiling` to fix output directory issues, making the directory world-writable without any warning or justification. World-writable permissions can enable tampering, symlink attacks, data poisoning, or unintended disclosure of profiling artifacts, particularly on multi-user systems or shared build hosts.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The verification script includes `rm -rf output_npu` without any nearby warning or safeguard. Although the target path is a relative directory and appears intended to clean profiling output, destructive deletion commands in documentation can still cause accidental data loss if users run them from the wrong working directory or after modifying variables/paths.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.