Security audit

incident-responder

Security checks across malware telemetry and agentic risk

Overview

This incident-response skill is relevant to production debugging, but it includes high-impact operational commands and automatic remediation examples without enough user-control safeguards.

Install only if you want an agent to assist with real production incident work. Use least-privilege credentials, verify the target host or cluster before running commands, and require explicit human approval before remediation, rollback, debugger attachment, packet capture, pod exec, cache changes, or log cleanup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%

Finding: The example goes beyond diagnosis into automatic remediation that can modify a production host, including cache dropping and log vacuuming, without human approval or safety checks. In an incident-response skill, this is risky because users may copy the pattern directly into real environments where mistaken remediation can worsen outages, destroy forensic evidence, or cause service instability.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%

Finding: The skill description focuses on incident analysis, but the example performs direct system administration through shell commands such as top and journalctl/grep. That broadens the capability surface from observation to host interaction, which is more dangerous in an agent skill because it normalizes shell-based host access and can encourage execution in sensitive production contexts.

Missing User Warnings

Severity: Medium
Confidence: 93%

Finding: The skill includes numerous operational commands that can alter live systems, expose sensitive data, or disrupt workloads, such as packet capture, debugger attachment, pod exec, launching debug containers, and deployment rollback. In an agent skill context, presenting these commands without explicit safety gating, environment checks, least-privilege guidance, or user confirmation increases the risk that an automated or hurried user executes them directly against production.

Missing User Warnings

Severity: Medium
Confidence: 94%

Finding: The markdown example demonstrates destructive or state-changing remediation actions without any warning, confirmation, or rollback guidance. In the context of an incident-response skill, that is particularly dangerous because users under outage pressure may execute examples quickly, causing unintended service disruption or loss of useful investigation data.

VirusTotal

64/64 vendors flagged this skill as clean.