Matrix Server Management

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Matrix server administration skill, but it should only be used by trusted admins because it can create users, rooms, messages, and permanent media uploads.

Install only in the intended Hiclaw/Tuwunel admin environment. Before using it, confirm the target Matrix server, room membership, recipient, and file contents; do not upload secrets, credentials, private configs, or personal data unless all room members are authorized to receive them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly instructs users to upload files to Matrix media storage and states the resulting MXC URI is permanent and accessible to all room members, but it provides no safeguards around sensitive data, audience verification, retention, or minimization. In an admin/worker coordination context, this increases the risk of unintentionally disclosing logs, reports, configs, or other artifacts containing secrets or personal data to all participants in the room.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal