oVirt MCP Server

Security checks across malware telemetry and agentic risk

Overview

This skill is not deceptive, but it gives an AI agent broad oVirt/RHV infrastructure control without enough scoping or safety guidance.

Install only if you intentionally want an AI agent to administer an oVirt/RHV environment. Use least-privilege credentials, avoid persistent broad admin passwords where possible, scope it to non-production or explicitly approved environments, and require human confirmation before delete, force, fence, reinstall, restore, RBAC, network, storage, disk, console, or alert-clearing actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Vague Triggers
Severity: Medium (87% confidence)
The trigger phrases include broad terms such as "virtual machine," "cluster," and "host management," which can appear in many general infrastructure conversations unrelated to oVirt/RHV. This can cause the skill to activate outside its intended scope and expose powerful infrastructure-management actions in contexts where the user did not explicitly request oVirt administration.

Missing User Warnings
Severity: Medium (81% confidence)
The documentation advertises destructive capabilities such as create/delete/modify VM operations, storage changes, fencing, and RBAC changes without prominent warnings about service interruption, data loss, or privilege consequences. In an MCP context, this increases the chance that an agent or user invokes high-impact actions without understanding the operational risk to production infrastructure.

Missing User Warnings
Severity: Medium (92% confidence)
The documentation exposes a destructive `cluster_delete` operation with only a required identifier and no warning, confirmation note, or mention of safeguards. In an infrastructure-management skill for oVirt/RHV, this increases the chance that an agent or user will invoke irreversible deletion of production clusters through misunderstanding, prompt injection, or operator error.

Missing User Warnings
Severity: Medium (90% confidence)
The documentation exposes a destructive `datacenter_delete` capability with no warning about irreversibility, dependencies, or the need for explicit user confirmation. In an infrastructure-management skill for oVirt/RHV, deleting a data center can disrupt or destroy production virtualization resources, so omission of safety guidance materially increases the risk of accidental destructive actions.

Missing User Warnings
Severity: Medium (88% confidence)
The documentation exposes a destructive operation, `event_clear_alerts`, with no warning, confirmation guidance, scope explanation, or authorization caveat. In an infrastructure-management skill for oVirt/RHV, clearing alerts can erase operational signal, hinder incident response, and cause an agent or user to perform a risky action without understanding its consequences.

Missing User Warnings
Severity: High (92% confidence)
This documentation exposes a host install/reinstall operation that is destructive and accepts highly sensitive credential material such as a root password and SSH key, yet provides no warning about data loss, re-provisioning effects, or secret-handling risks. In an agent-driven context, this omission is dangerous because it can normalize invoking reinstall actions without explicit confirmation or careful credential hygiene.

Missing User Warnings
Severity: Medium (78% confidence)
The iSCSI login documentation includes CHAP credentials and a storage connection operation without warning about credential sensitivity, persistence, or the operational consequences of connecting to the wrong target. In infrastructure-management skills, such omissions can lead to secret exposure in logs/prompts and unintended storage attachment that affects host behavior or data access.

Missing User Warnings
Severity: Medium (93% confidence)
The documentation exposes destructive VM operations such as deletion without any warning about irreversibility, service disruption, or data loss. In an agent skill context, this increases the chance that a model or user triggers high-impact infrastructure actions without informed confirmation, especially because the skill is explicitly designed for live oVirt/RHV management.

Missing User Warnings
Severity: Medium (89% confidence)
Console and session-related capabilities are access-sensitive because they can expose interactive access paths, credentials, screen contents, or user presence data. Documenting `vm_console` and related session access without privacy, authorization, or audit warnings can normalize unsafe use and may lead an agent to retrieve or disclose sensitive access details to an unauthorized requester.

Missing User Warnings
Severity: Medium (95% confidence)
Snapshot or checkpoint restore operations can overwrite current VM state, discard recent changes, and cause application inconsistency or downtime if invoked casually. In virtualization management, omission of this warning is dangerous because an LLM-driven workflow may treat restore as routine and unintentionally roll back production systems.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
