Restic Workstation Backup

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed restic backup automation package, but it should only be installed by users who are comfortable granting it backup-wide home-directory access and systemd scheduling authority.

Review the plan output before using --apply. Only use a repository and alert email you control, expect the tool to back up sensitive files from the home directory, and be aware that enabling timers creates ongoing backup, prune, check, and audit jobs. Keep the generated restic password in a separate secrets vault before relying on these backups.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 95% confidence
Finding: The skill explicitly instructs the agent to run shell commands and install system components, but it does not declare corresponding permissions. This creates a capability/permission mismatch that can cause the agent platform or user to underestimate the level of access the skill requires, increasing the risk of unintended command execution or unsafe trust in the skill.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal