Plakar backup

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Plakar restore skill with disclosed file-restore behavior and user confirmation before overwrite-capable actions.

Install this only if you use Plakar for backups. Before allowing any restore, confirm the exact backup store, snapshot ID, files or paths, and destination; prefer restoring to a temporary directory first when practical.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The skill is configured to activate on broad phrases like 'undo', 'rollback', 'restore', or 'revert', which commonly appear in ordinary conversation. In an agentic environment, this can cause the restore workflow to trigger in contexts the user did not intend, increasing the risk of prompting destructive or high-impact filesystem restore actions.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The 'when to offer restore' section relies on informal examples like 'something went wrong' and 'the last tool call broke things' instead of a tightly scoped activation rule. Because this skill culminates in commands that can overwrite live files, ambiguous invocation guidance materially raises the chance of unintended restore suggestions or workflows being initiated in unrelated situations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal