魔盒 Node service development skill pack

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Node.js development guide, but some deployment examples should be hardened before production use.

Safe to install as a reference guide. Before using its snippets, remove sshd and cron unless explicitly required, avoid chmod 777, use a trusted HTTPS npm registry, confirm docker and kubectl targets, and store real database passwords in Kubernetes Secrets or a vault rather than ConfigMaps or source-controlled config files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The document’s security guidance explicitly says sensitive information must not be hardcoded, yet the production JSON example includes concrete database credential fields with inline values. Even if these are illustrative placeholders, showing secrets in a production config example normalizes insecure practice and can lead developers to copy the pattern into real deployments.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The Dockerfile entrypoint starts SSHD and cron inside the application container, unnecessarily expanding the attack surface and violating least-privilege/container single-process best practices. If the image is deployed as documented, any exposed or misconfigured SSH service or cron-executed task could become an entry point for compromise or persistence.

VirusTotal

65/65 vendors flagged this skill as clean.
