Back to skill

Security audit

x0x

Security checks across malware telemetry and agentic risk

Overview

The skill is not malicious, but it deserves user review because it adds remote command execution and peer port forwarding beyond the short networking-and-messaging description.

Install only if you intend to run x0x as a trusted peer-networking daemon. Review the upstream binary/source, protect the local api-token, enable remote exec or forwarding only for specific trusted peers and allowlisted commands/ports, and avoid autostart unless you want the service persistent across reboots.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The skill is presented as secure networking/messaging infrastructure, but it explicitly exposes remote command execution on peer machines via `x0x exec` and `/exec/run`. Even though the docs describe trust and ACL gating, remote exec materially expands the skill from transport into code execution, which is a high-risk capability that can enable lateral movement or arbitrary action on trusted peers if misconfigured or invoked by an agent without adequate user oversight.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The documented feature set includes tailnet-style TCP port forwarding to loopback services on peer machines, which goes beyond ordinary messaging and creates a network tunnel into services that may otherwise be locally reachable only. This can expose sensitive local-only services across peers and facilitate pivoting or unintended access if trust relationships or ACLs are misconfigured.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Remote execution is not justified by the stated purpose of a secure agent networking skill and represents a dangerous privilege escalation in capability. In agent environments, an operator may install this skill expecting communication primitives, while an agent can leverage the documented exec surface to run commands on remote systems once trust conditions are satisfied, creating substantial risk of abuse, lateral movement, and host compromise.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.