Security audit

Linux Journey

Security checks across malware telemetry and agentic risk

Overview

This is a narrow Linux lesson recommendation skill with an optional helper script to refresh its public LabEx lesson index.

Reasonable to install for finding free Linux Journey lessons. Use the bundled lesson index for ordinary recommendations, and only run scripts/fetch_lessons.py intentionally; avoid passing untrusted URLs or writing output outside the skill directory unless you mean to.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The --url argument allows fetching arbitrary URLs even though the stated purpose is to retrieve the public LabEx Linux Journey sitemap. If this script is run in an automated or privileged environment, an attacker could repoint it to internal services or unexpected endpoints, creating an SSRF-style network access path and potentially causing untrusted content to be processed.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.