Back to skill

Security audit

Terraform Drift Detector / 基础设施漂移检测器

Security checks across malware telemetry and agentic risk

Overview

This skill is a descriptive Terraform drift-checking guide with no executable payload, but users should be cautious about its advertised direct Terraform-state remediation feature.

Before installing, treat this as guidance rather than a working detector: it provides no implementation. If you use it to build or run drift checks, provide least-privilege cloud credentials, limit accounts and regions, and do not allow any Terraform state changes unless you have reviewed a plan, backed up state, and can roll back.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly promotes automated remediation that applies fixes directly to Terraform state, but it does not include any safety warnings, confirmation requirements, rollback guidance, or scope limitations. Modifying Terraform state is high-risk because incorrect state changes can desynchronize infrastructure from code, mask unauthorized changes, or cause destructive actions in later Terraform runs.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.