Security audit

RedHat Debugger

Security checks across malware telemetry and agentic risk

Overview

This is a simple debugging workflow skill with no executable code or hidden behavior, though its activation metadata is malformed and should be fixed.

Safe to install for a generic debugging workflow. Before using it, redact secrets from logs and environment details, review any proposed fixes before applying them, and prefer an updated version with explicit trigger phrases instead of the current malformed trigger metadata.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 97% confidence
Finding: This manifest file includes a `triggers` section, but its value is the non-descriptive `System.Object[]` rather than an explicit list of trigger phrases or activation conditions. That makes it unclear what user input activates the skill and provides no scope, constraints, or negative examples to prevent unintended invocation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal