Back to skill

Security audit

Nginx Config Hardener / Nginx配置加固器

Security checks across malware telemetry and agentic risk

Overview

This skill is a short Nginx hardening guide with no executable payload, but users should validate any generated config before deploying it.

Before using this skill's output on a real server, review the generated Nginx config, compare it against your current config, run syntax validation such as nginx -t, keep a backup, and reload only after testing. The artifact itself does not show malware, exfiltration, persistence, or destructive behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The example encourages use of a generated hardened configuration as a direct replacement without telling users to review it, test syntax, or validate service behavior first. In the context of live Nginx configuration management, this can cause outages, broken TLS or routing behavior, or accidental weakening of protections if the generated config is incorrect or incomplete.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.