performance-mastery

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate performance-tuning skill, but it needs review because it provides many copy-paste commands that can persistently change whole-system settings with uneven safety guidance.

Install only if you are comfortable with a skill that may suggest privileged Linux performance changes. Treat its commands as examples, not safe defaults: test in staging, record current values, avoid production load tests unless approved, protect diagnostic dumps and snapshots, and review every persistent /etc, /sys, /proc, systemd, udev, fstab, and sysctl change before running it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (19)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The document includes disk write benchmarks, database load generation, and network stress commands that can alter data, consume significant resources, and disrupt production services, but it does not clearly warn users about these risks. In a performance-tuning skill, users are especially likely to copy commands into real systems, which makes the omission materially dangerous even if the commands are legitimate benchmarking tools.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: This section includes commands that directly change kernel and process behavior, such as writing to /etc/sysctl.conf, disabling transparent huge pages, and setting oom_score_adj, but it does not warn users about rollback, persistence, privileges, or environment-specific side effects. In a performance-tuning skill, users may copy these commands into production systems, which can cause instability, boot-time regressions, or make critical processes harder for the OOM killer to terminate.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: This section recommends broad persistent network tuning, including expanding ephemeral port range, changing listen queue sizes, and enabling tcp_tw_reuse, without warning about compatibility, workload assumptions, or operational risks. Because these settings affect the whole host and all applications, a user could degrade networking behavior, interfere with other services, or create hard-to-diagnose production issues by applying them blindly.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: Generating a Java heap dump and enabling detailed GC/OOM logging can capture sensitive in-memory data such as credentials, tokens, PII, and business data, yet the document gives no warning about data exposure, file permissions, retention, or secure handling. If operators store dumps in world-readable or broadly accessible locations, the diagnostic artifact itself becomes a sensitive-data disclosure risk.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: This section contains several privileged, system-modifying commands that change scheduler behavior, CPU governor settings, and persistence mechanisms without a prominent upfront warning that they can degrade stability, responsiveness, or power/thermal behavior. In a skill that may be followed verbatim by operators, omission of clear safety gates increases the chance of unsafe application on production systems.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: This section contains commands that directly modify kernel block-device scheduler settings and installs persistent udev rules, but it does not prominently warn that these changes require root privileges, can degrade latency/throughput on the wrong device class, and may affect production availability until reverted. In a performance-tuning skill, such commands are expected, but presenting them as ready-to-run snippets without strong disruption warnings creates a real unsafe-operation risk.

Missing User Warnings

High

Confidence: 99% confidence
Finding: The filesystem mount optimization examples include high-risk options such as data=writeback and barrier=0, which can reduce integrity guarantees and increase the chance of corruption or data loss after crashes or power loss. Although the comments mention some tradeoffs, the warning is not prominent enough relative to the severity, making this a true dangerous guidance issue.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The document provides many privileged eBPF/bpftrace examples that observe process execution, syscalls, files, network activity, and memory behavior, but the example section itself lacks an explicit warning that these commands typically require root or specific capabilities and can expose sensitive telemetry. In a skill intended for troubleshooting, this omission can lead users to run invasive tracing in production or multi-tenant environments without understanding privacy, stability, or performance implications.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The guide recommends exposing Go's pprof HTTP endpoints and later suggests enabling pprof in production, but it does not clearly warn that these endpoints can reveal sensitive runtime details such as goroutine stacks, memory layout, request paths, symbols, and performance characteristics. Even when bound to localhost in the example, documentation like this may be copied into real deployments and exposed through port-forwarding, reverse proxies, or misconfigured internal networks, creating information disclosure and attack-surface expansion.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The document provides copy-pasteable commands that write directly to /etc/sysctl.d/, apply changes system-wide with `sysctl --system`, and delete configuration with `rm`, but it does not present a prominent warning about root privileges, service impact, rollback limitations, or the risk of degrading network and kernel behavior. In a performance-tuning skill, these are legitimate administrative actions, but presenting them as a ready-made template increases the chance of unsafe execution on production hosts.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: This section instructs users to create and persist a swap file by modifying /etc/fstab and kernel settings, which changes system behavior across reboots. While the content is performance-oriented rather than overtly malicious, it lacks strong rollback, prerequisite, and system-wide impact warnings, so users could degrade availability or misconfigure production hosts.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The guide disables THP globally and installs a persistent systemd service, causing a host-wide boot-time configuration change. In a performance skill this is contextually relevant, but without prominent compatibility guidance and rollback steps it can lead to latency, memory, or application behavior changes for unrelated services.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The cache-dropping commands can trigger major I/O churn, cold-cache latency, and misleading benchmark results, especially on busy systems. The existing caution is too weak for an operation that can immediately disrupt performance and, if misused repeatedly, harm service stability.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The document says proactive cache dropping does not affect applications, which is inaccurate because it can significantly impact application latency and filesystem performance. That misleading framing increases the chance of unsafe use by operators under pressure.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: This section recommends persistent kernel/network tuning by appending sysctl settings directly to /etc/sysctl.d without a prominent warning that these are host-wide changes that can affect all workloads and may degrade connectivity or stability if misapplied. Even though the content is performance-oriented and not overtly malicious, the lack of rollback guidance, environment prerequisites, and production-safety cautions makes it operationally dangerous.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The document instructs direct modification of /etc/security/limits.conf to raise nofile limits for all users and root, but does not warn that this can affect login sessions, PAM-managed services, and system resource exhaustion behavior. Such blanket changes can unintentionally destabilize a host or widen denial-of-service conditions by allowing processes to consume far more file descriptors.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: This section loads the tcp_bbr kernel module and persists congestion-control changes and module loading across reboots without prominently discussing kernel support, network-path compatibility, change-control requirements, or rollback risks. Incorrectly applied congestion-control and qdisc changes can cause connectivity regressions, unfair bandwidth behavior, or hard-to-diagnose performance issues across the entire host.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The file provides a complete persistent high-performance network configuration that alters multiple kernel, socket, conntrack, and congestion-control parameters at once, then applies them system-wide. In the context of a performance-tuning skill this is relevant material, but it is more dangerous because users may copy-paste it into production despite the fact that these settings are highly workload- and host-specific and can trigger outages, packet loss, connection failures, or resource pressure.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The script can write a comprehensive host snapshot to any user-specified path via `tee "$OUTPUT"`, and the collected data includes process listings, kernel logs, network state, mount information, and sysctl values. In a performance-diagnostics skill this is contextually expected, but saving that report without an explicit sensitivity warning, permission hardening, or path safeguards increases the risk of accidental exposure of sensitive operational data to other local users or insecure storage locations.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal