mufi-admin

Security checks across malware telemetry and agentic risk

Overview

This skill appears to support legitimate MUFI admin work, but it can directly create and save admin records without clear confirmation or rollback safeguards.

Review before installing if you have access to the MUFI admin panel. Use only with an authorized account, prefer a test or staging environment first, and require a manual final confirmation before any save, upload, or publish action.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill is an admin-side runbook that instructs an agent to create events, campaigns, templates, and frames and to upload assets directly in a live administrative interface, but it provides no guardrails about environment validation, approval, rollback, or the fact that these actions mutate system data. This is dangerous because an automated agent could perform irreversible or unauthorized changes in production/admin systems simply by following the steps, especially given the included browser automation tips for DOM clicking and form submission.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal