Back to skill

Security audit

Safe Exec Output

Security checks across malware telemetry and agentic risk

Overview

The skill has a legitimate safety purpose, but it asks users to install a system-wide command wrapper with sudo and contains misleading claims about retained command output.

Review the wrapper before installing, prefer a per-user path such as ~/.local/bin when possible, and do not rely on the advertised temporary file for later inspection because the provided script deletes it when it exits. Treat the sudo installation as a persistent system-wide change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The documentation and inline comments claim the wrapper preserves the full command output for later inspection, but the code installs an EXIT trap that deletes the temporary file when the wrapper exits. This creates a dangerous mismatch between operator expectations and actual behavior: an agent may rely on being able to inspect truncated data later, but the evidence is gone immediately, which can break debugging, audits, or incident response workflows.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The truncation banner explicitly tells users the full output is 'kept for inspection' at the temp path, but the EXIT trap removes that file before the caller can meaningfully use it. This is a true integrity/documentation flaw because it can mislead downstream operators and agents into believing forensic or operational data remains available when it does not.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The known-limitations/benefits section states that the full output is saved so the agent can re-read it with limits, but the sample wrapper deletes the tempfile on exit. In a security/operations skill, this kind of false assurance is risky because users may make decisions assuming recoverability of command output that no longer exists.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The installation instructions direct users to write an executable into /usr/local/bin using sudo, which modifies system-wide behavior and requires elevated privileges. In a skill consumed by agents or operators, encouraging privileged copy-paste installation without a prominent warning, verification step, rollback guidance, or least-privilege alternative raises supply-chain and system-integrity risk if the content is wrong, tampered with, or applied in the wrong environment.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.