智护 AIOps

Security checks across malware telemetry and agentic risk

Overview

This is a coherent AIOps documentation skill for a user-configured monitoring platform, but it should be used carefully because it handles platform and SSH credentials and can guide asset changes.

Install only if you intend an agent to help operate this Zhihu AIOps environment. Configure endpoints and platform credentials through environment variables, avoid pasting production secrets into chat when a safer secret mechanism is available, prefer temporary or least-privilege SSH credentials, and review any create/update/delete/restart API action before letting the agent run it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly asks the user to provide SSH usernames and passwords, then transmits those secrets to platform APIs, but it does not clearly warn users about sensitive secret handling, storage, logging, or scope of use. In an agent setting, this increases the risk of credential leakage through chat history, logs, telemetry, or unintended downstream processing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal