LLM NeverDie

Security checks across malware telemetry and agentic risk

Overview

NeverDie is a disclosed LLM resilience monitor that runs locally and can optionally send limited Telegram alerts when the user configures them.

Install this only if you want a recurring local monitor. If enabling Telegram, use a dedicated bot, protect the .neverdie-config.json file because it stores the bot token, and review the cron job or use the provided uninstall command when you no longer need monitoring.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The script exfiltrates operational metadata to Telegram, including the host identifier and alert status, but the actual send path does not provide a clear runtime disclosure or consent checkpoint at the point of transmission. In a monitoring skill that runs unattended as a cron/system event, silent external transmission is security-relevant because users may not realize incident data is leaving the machine.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal