Runcloud Skill

Security checks across malware telemetry and agentic risk

Overview

This Runcloud skill is mostly coherent, but it should be reviewed because it can run production-impacting server actions while describing them as safe or non-destructive.

Install only if you want an agent to help administer Runcloud resources. Use the least-privileged token available and require explicit confirmation before any deployment, cron test, service restart, or SSL change, especially on production servers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill states it only supports non-destructive actions, but the SSL endpoint changes live web application configuration and can alter certificate state, HTTP/HTTPS behavior, and HSTS settings. Mislabeling a state-changing operation as safe increases the chance an operator or agent triggers it without appropriate confirmation, causing service disruption or unintended config changes on production systems.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
Labeling all POST actions as safe is inaccurate because testing a cron job executes commands immediately and deploying SSL modifies web app configuration. This can lead to unintended command execution or production changes if an agent treats these actions as harmless and runs them automatically.

VirusTotal

63/63 vendors flagged this skill as clean.
