Pc Assistant Fixed

Security checks across malware telemetry and agentic risk

Overview

This is a real local PC diagnostic skill, but it collects and stores unusually sensitive system and user data with weak scoping and defaults.

Review carefully before installing. Run only as a normal user, store reports in a private directory, do not share reports without redacting them, avoid broad scheduled runs unless you fully control the config file and cron entry, and treat generated reports as sensitive local security documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Description-Behavior Mismatch

Medium (91% confidence)
Finding
Describing the skill as 'read-only' is misleading when it persistently writes reports to disk and supports scheduled retention/cleanup. Persistent report generation can create sensitive artifacts containing system and security details, increasing exposure to other local users, backups, or later unintended sharing.

Intent-Code Divergence

Medium (89% confidence)
Finding
Claiming the tool is 'safe to run multiple times' downplays the fact that scheduler cleanup can delete prior artifacts. Users may rely on those reports for troubleshooting or auditing, and silent cleanup creates integrity and availability risks for locally stored evidence.

Description-Behavior Mismatch

Medium (95% confidence)
Finding
The script contradicts its 'read-only diagnostics' positioning by persistently writing detailed host, process, network, and user data to files under a user-controlled output path. While local report generation can be legitimate, storing broad diagnostics data on disk increases exposure through later access, backup, sharing, or world-readable temp-directory mishandling.

Description-Behavior Mismatch

High (99% confidence)
Finding
This healthcheck script gathers data far beyond system health, including account information, login history, SSH material, environment variables, shell history, and scheduled tasks. In the stated context of PC diagnostics, that scope is excessive and materially increases the chance of credential leakage, privacy violations, and exposure of operationally sensitive information.

Context-Inappropriate Capability

High (99% confidence)
Finding
Reading authorized_keys and known_hosts is not necessary for routine PC health diagnostics and exposes security-sensitive trust relationships. Even partial disclosure helps an attacker map remote access paths, identify internal hosts, and enumerate key-based access patterns.

Context-Inappropriate Capability

High (99% confidence)
Finding
Shell history often contains secrets, internal commands, file paths, tokens, and administrator activity. Capturing recent commands in a diagnostics report is highly context-inappropriate and can directly leak credentials or sensitive operational behavior.

Context-Inappropriate Capability

Medium (97% confidence)
Finding
Dumping environment variables is broader than needed for system health and commonly exposes API keys, tokens, proxy credentials, internal endpoints, and user-specific configuration. Because the values are written to a report file, the exposure persists beyond script execution.

Vague Triggers

Medium (84% confidence)
Finding
The trigger phrases are broad enough to match ordinary requests like 'is everything ok?' and could cause the agent to run a highly invasive diagnostics workflow without the user understanding the extent of collection. In this context, overbroad activation increases the chance of surprise execution and unintended capture of sensitive host information.

Missing User Warnings

Medium (90% confidence)
Finding
The documentation does not warn that generated reports may contain sensitive host and security information such as network layout, software inventory, service state, and potentially user/security artifacts. Without that warning, users may store, transmit, or share the reports insecurely, amplifying the confidentiality risk.

Missing User Warnings

Low (82% confidence)
Finding
Automatic cleanup is documented, but the user-facing text does not clearly warn that existing report files may be deleted. This is primarily a safety and transparency issue: users may enable the feature without realizing it can remove historical diagnostic records.

Missing User Warnings

Medium (94% confidence)
Finding
The script starts collecting and storing a wide range of system and user data without first warning the user about the scope or sensitivity of that collection. In a tool advertised as diagnostics, this lack of informed consent makes accidental oversharing and unsafe report handling more likely.

Missing User Warnings

Medium (98% confidence)
Finding
Using 'source' on a configurable file executes arbitrary shell code in the context of the scheduler, not just key/value settings. If an attacker can modify the config file path, contents, or environment variable selecting it, they can achieve code execution whenever the scheduled task runs, which is especially dangerous under cron or elevated accounts.

VirusTotal

54/54 vendors flagged this skill as clean.
