Back to skill

Security audit

Ddns Updator

Security checks across malware telemetry and agentic risk

Overview

This DDNS skill is transparent about using a provider token and network APIs to update DNS, but users should be careful because one documented trigger can turn a simple public-IP question into a DNS update attempt.

Install only if you intend an agent to manage your DDNS record. Use explicit commands for DNS updates, keep the provider token scoped to the needed zone, avoid adding the optional cron unless you want automatic updates, and verify the referenced scripts are present and readable before relying on the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger condition 'Any request that involves current public IP or DDNS synchronization' is broad enough to activate on common networking or diagnostic requests that may not clearly imply consent to modify DNS records. In an agent setting, this can cause unintended execution of network-facing scripts and external API calls, increasing the chance of surprising side effects.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.