Wake-on-LAN

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it sends Wake-on-LAN packets and stores only user-added device aliases locally.

Install this only if you want an agent to send Wake-on-LAN packets on networks and devices you control. Any aliases you add will store MAC and IP addresses locally in the skill directory, so review or remove that file on shared machines.

SkillSpector

By NVIDIA

Vulnerability Patterns

Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
Behavioral ASTexec() Call, eval() Call, Dynamic Import
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

subprocess module call

Medium

Category: Dangerous Code Execution
Content: # Method 1: wakeonlan CLI cmd = ["wakeonlan", "-i", ip, "-p", str(port), mac] print(f"Sending WOL magic packet to {mac} via {ip}:{port}...") result = subprocess.run(cmd, capture_output=True, text=True) # Method 2: Raw UDP sockets (needed on Termux/Android) try:
Confidence: 70% confidence
Finding: result = subprocess.run(cmd, capture_output=True, text=True)

Unvalidated Output Injection

High

Category: Output Handling
Content: # Method 1: wakeonlan CLI cmd = ["wakeonlan", "-i", ip, "-p", str(port), mac] print(f"Sending WOL magic packet to {mac} via {ip}:{port}...") result = subprocess.run(cmd, capture_output=True, text=True) # Method 2: Raw UDP sockets (needed on Termux/Android) try:
Confidence: 95% confidence
Finding: subprocess.run(cmd, capture_output

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal