Back to skill

Security audit

Java Switch

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it can install software and permanently change the user's shell Java configuration.

Install only if you want a local macOS setup script that may install Homebrew/OpenJDK and edit ~/.zshrc. Review any Homebrew prompts, consider installing Homebrew yourself first, and check the added JAVA_HOME/PATH lines afterward if you maintain a custom shell profile.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill performs remote code execution by piping a downloaded Homebrew installer script directly into bash. That expands the skill from Java version switching into arbitrary software bootstrap and executes network-fetched code without integrity verification or an explicit approval checkpoint, which is dangerous if the URL, transport, or upstream content is compromised.

Intent-Code Divergence

Low
Confidence
91% confidence
Finding
The skill claims to switch Java for the current session but also appends exports to ~/.zshrc, creating persistent state changes beyond the immediate request. Persistent shell profile modification can surprise users, break existing configurations, and create long-lived side effects that are harder to detect and undo.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly states that the skill will persist environment changes to `~/.zshrc`, which means running the skill modifies the user's shell startup configuration beyond the current session. Even though this is likely intended functionality rather than malicious behavior, persistent profile modification is security-relevant because it creates lasting changes to command execution environment and can surprise users if not accompanied by strong, explicit consent and clear warnings about what will be written.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents persistent modification of the user's shell profile without an explicit warning that it will change a startup file. In agent contexts, undocumented profile edits are risky because they alter future shell behavior and may interfere with other tooling or security assumptions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill automatically installs Homebrew and OpenJDK without a clear user warning or approval boundary. Automatic package installation and bootstrap actions can introduce substantial system changes, network access, and code execution that exceed a simple environment switch request.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script appends exports to ~/.zshrc, comments out existing JAVA_HOME lines, creates backups, and immediately sources the modified shell profile without asking the user for consent. Persistent profile modification can unexpectedly alter future shell behavior, duplicate PATH entries, or activate unintended commands in the current session; automatic sourcing is especially risky because it executes whatever is already present in ~/.zshrc, not just the lines this script added.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.