Back to skill

Security audit

Sysadmin Toolbox

Security checks across malware telemetry and agentic risk

Overview

This is a useful sysadmin reference, but it can automatically surface unguarded destructive, disruptive, and offensive security commands in ordinary admin contexts.

Install only if you want a broad dual-use sysadmin and security reference and will review commands before use. Do not let an agent blindly run examples from this skill, especially packet capture, netcat, hping3, delete, secure-wipe, /etc/profile, external scanner, breach-search, or exploit-related examples. Avoid refresh.sh unless you trust and review the upstream content each time.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (30)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill is presented as a sysadmin and troubleshooting reference, but this section includes clearly offensive-capable reconnaissance tools such as fierce, subdomain enumeration utilities, and bulk DNS recon tooling. In an auto-consulted skill, this broadens the agent’s recommendations into target discovery activities that can facilitate unauthorized reconnaissance beyond the declared troubleshooting scope.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
This HTTP subsection includes tools for heavy load generation, directory busting, and application-layer DoS simulation such as SlowHTTPTest and gobuster. Because the skill is automatically consulted for common troubleshooting and endpoint testing tasks, an agent could recommend intrusive or disruptive actions that cause service degradation or unauthorized probing.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The auditing section includes LinEnum and PEASS, which are widely used for local enumeration and privilege-escalation/post-exploitation workflows, not ordinary system auditing. In a broadly scoped admin skill, these entries increase the likelihood of the agent surfacing offensive post-compromise tooling under a benign 'auditing' label.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The file includes a broad catalog of offensive tools such as exploit frameworks, credential-cracking tools, mass exploitation utilities, and payload resources that go well beyond benign sysadmin troubleshooting. In an auto-consulted skill, this can steer the agent toward recommending dual-use or overtly offensive capabilities in ordinary admin contexts, materially increasing misuse risk.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The hping3 example includes a packet-flooding one-liner using --flood and --rand-source, which materially enables denial-of-service activity rather than ordinary troubleshooting. In a general-purpose sysadmin skill, this crosses from defensive reference material into offensive capability with little operational guardrail or authorization context.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The netcat section provides direct remote shell launch instructions, including binding /bin/bash to a listening socket. This is a classic backdoor primitive that enables unauthorized command execution and is not justified by a benign shell one-liner reference for routine administration.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This section provides explicit post-compromise shell stabilization steps ('when you get a shell', job control, TTY upgrade, TERM/SHELL setting) that are commonly used after obtaining unauthorized remote code execution. In the context of a broadly auto-consulted sysadmin/reference skill, this materially increases misuse risk because it operationalizes attacker tradecraft rather than serving ordinary tool discovery needs.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
This section includes breach-search and surveillance-oriented resources such as breach lookup services, leaked-data indexes, and exposed-camera directories that go beyond normal sysadmin or DevOps troubleshooting references. In a broadly auto-consulted skill, these links can steer users toward questionable or abusive recon workflows and normalize use of services that facilitate privacy-invasive or unauthorized targeting.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The file recommends exploit databases and even a zero-day exploit marketplace, which materially exceeds the stated purpose of a sysadmin troubleshooting reference. Including exploit acquisition resources in an auto-consulted operational skill increases the chance of misuse and can assist offensive activity without adding necessary value for routine administration.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The generator section includes an open redirect/SSRF payload generator, which is an offensive testing aid not obviously justified by the skill's general sysadmin/admin reference scope. Because the skill is configured to auto-consult for broad troubleshooting topics, this makes potentially dangerous payload-generation guidance more readily available in benign contexts.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The auto-consult description is very broad and covers many common sysadmin, DevOps, and security topics, which can cause the skill to activate in a large fraction of operational conversations. Overly aggressive triggering increases the chance of unnecessary context injection, tool recommendations for sensitive tasks, and unreviewed guidance being surfaced when it was not explicitly requested.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The 'When to Auto-Consult' section uses ambiguous conditions such as 'asking what tool for' and 'doing security audits or pentesting' without defining boundaries, authorization checks, or sensitivity tiers. In a skill that references shell one-liners and security tooling, this can lead to routine invocation in dual-use or risky contexts and amplify potentially unsafe operational instructions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The file lists many tools for scanning, packet capture, traffic interception, and active probing without any warning about operational, legal, privacy, or availability risks. In an auto-consult reference, the absence of guardrails makes unsafe recommendations more likely, especially for users who may not distinguish harmless diagnostics from intrusive actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document presents extensive offensive-security, exploitation, cracking, and backdoor resources without any legal, ethical, or operational safety warning. In a skill that may be automatically consulted, the absence of guardrails makes it more likely the agent will normalize or recommend risky actions without emphasizing authorization, isolation, or potential harm.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The example deletes all files in a folder that do not match certain extensions, but it is presented without warning about irreversible removal or shell expansion pitfalls. Users can easily run it in the wrong directory and cause substantial accidental data loss.

Missing User Warnings

High
Confidence
97% confidence
Finding
This snippet overwrites /etc/profile and installs an EXIT trap that force-kills sshd-related processes with kill -9. It can disrupt logins system-wide, break administrative access, and introduce persistence-like behavior without any warning that it modifies a global profile file.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The find command permanently deletes files older than 60 days and is shown without any preview step or warning. In practice, users often adapt such commands to broad paths, making accidental deletion likely.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The recursive sed command performs in-place replacement across many files, excluding only .git paths, with no caution about mass unintended edits. A typo in the pattern or path can corrupt large portions of a repository or system configuration.

Missing User Warnings

High
Confidence
99% confidence
Finding
The secure-delete section includes shred, scrub, badblocks, srm, sfill, sdmem, and swap wiping commands that can irreversibly destroy files, disks, or memory-backed data. Presenting these without prominent warnings makes catastrophic data loss much more likely.

Missing User Warnings

High
Confidence
96% confidence
Finding
The tcpdump example explicitly extracts usernames and passwords from plaintext HTTP traffic. Even if framed as diagnostics, it directly facilitates interception of credentials and should be treated as sensitive dual-use content requiring authorization and privacy warnings.

Missing User Warnings

High
Confidence
98% confidence
Finding
The hping3 flood command can generate highly disruptive traffic against a remote host, yet it is presented as a routine example without authorization or impact warnings. That omission makes misuse easier and normalizes a destructive testing pattern.

Missing User Warnings

High
Confidence
99% confidence
Finding
The remote shell examples expose an interactive shell over the network and can be used as a backdoor or for unauthorized lateral movement. The lack of warnings around command execution, exposure, and access control makes this especially dangerous in an auto-consulted sysadmin skill.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documented functions send user-supplied hostnames and IP addresses to external third-party services (Google DNS over HTTPS and ip-api.com) without warning about data disclosure. In a sysadmin/security context, these inputs may include sensitive internal domains, investigation targets, or customer infrastructure, causing unintended leakage and possible compliance or privacy issues.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The file recommends external scanning and analysis services without warning that submitted domains, URLs, certificates, headers, or other artifacts may be transmitted to third parties and potentially logged or published. Users may unknowingly expose internal assets, pre-production hosts, or sensitive identifiers when following the reference list.

Missing User Warnings

High
Confidence
97% confidence
Finding
The mass-scanner and breach-search section lists numerous services that process sensitive organizational or personal identifiers, including IPs, domains, emails, breach data, and indexed content, without any notice about privacy, legality, or data-handling risks. This is especially dangerous in an auto-consulted skill because it can prompt users to submit sensitive targets to third-party intelligence and breach platforms, potentially causing data leakage, compliance issues, or reputational harm.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.