Back to skill

Security audit

Sys Speek

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local system-status dashboard that shows basic health metrics and listening TCP ports without evidence of hidden collection, persistence, or data transmission.

Install only if you want a local Linux system snapshot. Avoid posting the output publicly or into untrusted chats because uptime, disk usage, memory state, and listening TCP ports can reveal details about your machine or services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger language is broad enough to activate on generic requests like checking system status or viewing an overview, which can cause the skill to run in situations where the user did not specifically ask for host-level diagnostics. Because the skill exposes sensitive environment details such as uptime, resource utilization, disk layout, and open ports, over-triggering increases the chance of unintended information disclosure.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The skill advertises system health output without warning that it also reveals open network ports and connection-related information, which are more sensitive than ordinary uptime or memory statistics. A user may invoke it expecting a harmless status summary and unknowingly disclose service exposure details that could aid reconnaissance if shared or logged.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.