Security audit

predictive-maintenance-engineer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a DevOps/SRE guidance skill whose operational remediation advice matches its stated purpose, with no evidence of hidden execution or persistence.

Install only if you want a skill that can advise on DevOps and incident-response operations. Treat production changes as recommendations: require explicit approval, verify the target environment, use change-management controls, and keep rollback steps ready before acting on remediation advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill includes concrete auto-remediation actions such as restarting services, cleaning files, renewing certificates, and removing instances from a load balancer. In an agent skill context, these operational changes could be acted on without an explicit safety warning, approval gate, rollback guidance, or instruction to verify authorization and production impact, which creates risk of unintended service disruption or unsafe automation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.