System Commander

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed command-suggestion helper, but users should review any generated shell commands before running them because some can change files or install packages.

Install only if you want a skill that suggests Linux/Python commands. Treat its output as commands to inspect, not commands to run blindly: verify paths, prefer dry runs and backups, be careful with sed -i, mv, xargs, and apt-get, and avoid using it for sensitive or privileged operations without separate review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill advertises only generic tools but operationally instructs shell execution, file reads, and file writes through commands like sed -i, mv, find, and package installation. This mismatch weakens policy enforcement and can cause an orchestrator to invoke a skill with broader side effects than reviewers or permission systems expect.

Context-Inappropriate Capability

Severity: Medium
Confidence: 78%
Finding: The manifest allows external search even though the skill is described as a local command-generation assistant. Unnecessary network-enabled tooling expands the attack surface and may enable data exfiltration, dependency confusion, or retrieval of unsafe commands unrelated to the user's local task.

Intent-Code Divergence

Severity: Medium
Confidence: 82%
Finding: The skill states system commands should not be used for security-sensitive operations, yet it includes system-modifying examples such as package installation and in-place file edits. This contradiction can normalize risky actions and lead agents to perform privileged or irreversible changes without the additional safeguards implied by the warning.

Vague Triggers

Severity: Medium
Confidence: 76%
Finding: The skill's scope is broad enough to capture many ordinary file and text requests, increasing the chance it activates in contexts where direct command generation is unsafe or inappropriate. Overbroad routing can bypass more specialized skills or safer workflows that would validate inputs and constrain side effects.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding: Vague trigger phrases like 'system first' and 'token efficient' are not reliable indicators of user intent and can cause accidental invocation. Misrouting to a shell-oriented skill raises the likelihood of unsafe command suggestions for requests that only superficially resemble file or text processing.

Vague Triggers

Severity: Medium
Confidence: 79%
Finding: The 'When to Use' section emphasizes efficiency and command preference without defining firm safety boundaries, so agents may choose shell actions too early. In a command-generating skill, ambiguous activation criteria materially increase operational risk because the default output can directly affect files and the host environment.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The skill includes destructive commands such as sed -i for in-place modification without warning about backups, target validation, or rollback. In-place edits can corrupt data, alter many files unexpectedly, or be misapplied to sensitive paths when generated from loosely specified user requests.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The batch rename examples perform bulk file changes, and the execution variant follows immediately after the dry run, which may encourage careless use. Bulk operations can cause widespread data loss or workflow disruption, especially with globbing edge cases, unexpected filenames, or execution in the wrong directory.

Missing User Warnings

Severity: Low
Confidence: 74%
Finding: Recommending apt-get install commands changes the system state and may require elevated privileges, but the skill does not warn about privilege requirements, package trust, or environment impact. While common, such commands can still break reproducibility, modify shared systems, or be inappropriate in restricted environments.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill generates destructive in-place replacement commands like `sed -i` and Python write-back code that overwrite the target file immediately, with no confirmation, backup, or dry-run mode. In a command-generation skill, this is risky because a natural-language request can be translated into a file-modifying operation that causes unintended data loss or corrupts important files.

VirusTotal

66/66 vendors flagged this skill as clean.