LLM Deploy Helper

Security checks across malware telemetry and agentic risk

Overview

This local LLM deployment helper is coherent and user-directed, but users should review generated Docker/systemd files before enabling a persistent service.

Before installing, understand that this tool can generate Docker and systemd service files for local LLM servers. Inspect generated files, verify exposed ports and mounted volumes, avoid passing tokens unless needed, and only run the sudo systemd enable/start commands if you intentionally want a long-running service that starts on boot.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium (90% confidence)
Finding
The README instructs users to copy a generated unit file into /etc/systemd/system and immediately enable and start it with sudo, but it does not clearly warn that this creates a persistent privileged service and changes system state. In an agent skill context, users may follow commands verbatim, so omission of a privilege/persistence warning increases the chance of unintended long-lived exposure or service startup.

VirusTotal

64/64 vendors flagged this skill as clean.
