LAN Media Server

Security checks across malware telemetry and agentic risk

Overview

This skill openly sets up a local-network file-sharing server, with the main risk being that anything placed in its shared folder is accessible without a password.

Install only if you want a persistent, unauthenticated file server on your local network. Keep MEDIA_ROOT pointed at a dedicated folder, place only files you intend to share there, and stop or disable the media-server user service when you no longer need it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The server explicitly binds to 0.0.0.0, making the shared directory reachable from any host on the local network. In this skill's context, that is the intended feature, but it still creates a real exposure risk because any file placed in MEDIA_ROOT becomes network-accessible without authentication, access restrictions, or a user-facing consent gate.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal