Back to skill

Security audit

Terraform State Doctor / Terraform状态诊断师

Security checks across malware telemetry and agentic risk

Overview

This is a Terraform state-management skill description with no executable payload, but users should treat its advertised repair actions as potentially impactful infrastructure operations.

Before using this skill on real Terraform projects, confirm the target workspace and backend, keep a backup of state, prefer diagnose or plan-style workflows first, and require explicit review before any lock release, import, repair, or automated drift correction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly promotes automatic state healing, stale lock release, and batch drift correction in a Terraform context, but the description does not warn that these actions can mutate infrastructure state or cause destructive recovery steps if misapplied. In an IaC/state-management skill, encouraging automatic remediation without prominent cautions, confirmation requirements, or backup/rollback guidance increases the chance of unsafe production changes and state corruption.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.