Raspberry Pi

Security checks across malware telemetry and agentic risk

Overview

This is a Raspberry Pi setup checklist with one visible Docker install command users should verify before running.

Reasonable to install as a Raspberry Pi reference. Before running the Docker command, consider using Docker’s signed package repository instructions or inspect the downloaded script first, and only run it on a Pi you intend to administer.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill recommends piping a remotely fetched script directly into `sh`, which executes network-delivered code without inspection, integrity verification, or provenance checks. In a Raspberry Pi setup guide aimed at likely less-experienced users, this increases the chance of supply-chain compromise, MITM-related abuse in misconfigured environments, or accidental execution of unexpected installer behavior with elevated privileges.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal