AI Commander Dashboard

Security checks across malware telemetry and agentic risk

Overview

The skill is a legitimate read-only dashboard, but it exposes sensitive email/session data with network and token-handling defaults users should review carefully.

Install only if you are comfortable running a local web server that can display inbound emails. Set a strong DASHBOARD_TOKEN, bind DASHBOARD_HOST to 127.0.0.1 unless remote access is intentional, avoid sharing terminal logs or screenshots containing the printed URL, and consider replacing the CDN-loaded UI assets before viewing sensitive mail.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 83%
Finding
The documentation says the dashboard supports zero-config startup with an auto-generated token, while the metadata marks DASHBOARD_TOKEN as required and primary. This inconsistency can lead operators to misconfigure deployment, disable safeguards, or improvise insecure workarounds when the documented startup path does not match runtime requirements.

Missing User Warnings

Medium
Confidence: 90%
Finding
Printing a full access URL containing the bearer token encourages token exposure through terminal logs, shell history, screenshots, process supervisors, clipboard sharing, and chat pastes. Because the dashboard displays inbound email data and browser-session status, disclosure of that URL could grant unauthorized local or remotely reachable access depending on bind configuration.

VirusTotal

60/60 vendors flagged this skill as clean.
