Back to skill

Security audit

Cmdnotify

Security checks across malware telemetry and agentic risk

Overview

CmdNotify is a disclosed command-monitoring skill, but users should be careful because it can repeatedly run local commands and send alert content to external services.

Install only if you intentionally want a tool that repeatedly runs commands you configure. Review every command and notify_cmd, avoid untrusted configs, do not run it with elevated privileges unless necessary, and avoid sending secrets or sensitive host details to webhook endpoints. Because the packaged skill does not include the Go source referenced by the build instructions, review any external source before building or running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes periodic execution of local commands and scripts but does not clearly warn users that configured commands will actually be run on the host and may have side effects. In a command-execution tool, missing safety disclosure increases the chance that users deploy untrusted or destructive commands under the assumption that monitoring is passive, which can lead to system changes, data loss, or abuse if configurations are sourced from others.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly promotes periodic execution of arbitrary shell commands and scripts, but provides no safety guidance about trust boundaries, least privilege, or the risks of running untrusted commands. In an agent skill context, this can normalize dangerous behavior and lead users to execute destructive or sensitive local commands through configuration.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The examples show alert data being sent to external HTTP endpoints, including command-derived message content, without warning that outputs may contain secrets, system details, or other sensitive telemetry. This creates a realistic risk of unintended data exfiltration if users copy the example into production monitoring workflows.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.