
Security audit

Opensearch Vector Search

Security checks across malware telemetry and agentic risk

Overview

This OpenSearch skill is mostly coherent and read-only, but it handles live cluster credentials with unsafe defaults and examples that users should review carefully before installing.

Install only if you are comfortable reviewing helper scripts before use. Do not paste production admin passwords into command lines; use least-privilege read-only accounts, prefer secure secret handling, enable SSL verification or a trusted CA path, and treat reference PUT/POST/DELETE configuration snippets as examples to review rather than commands to run directly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium (95% confidence)
Finding
The README demonstrates passing OpenSearch usernames and passwords directly on the command line, which can expose secrets through shell history, process listings, logs, and copied transcripts. In this skill’s context, the risk is elevated because it explicitly encourages connecting to live production clusters, so users may imitate the example with real credentials.

Missing User Warnings

Medium (95% confidence)
Finding
The document explicitly recommends `network.host: 0.0.0.0`, which binds OpenSearch to all network interfaces, but it does not warn that this can expose the service to unintended networks if firewalling, private subnet placement, or security groups are misconfigured. In a knowledge-base skill that users may copy directly into production configs, this omission can lead to remote access to a search cluster and materially increases the risk of unauthorized access or attack surface expansion.

Missing User Warnings

Medium (96% confidence)
Finding
Accepting a password via a command-line flag can expose credentials through shell history, process listings, audit logs, CI job logs, and other local observability mechanisms. In this skill's context, users are explicitly encouraged to provide OpenSearch cluster credentials, so the chance of real secret exposure is elevated and could lead to unauthorized cluster access.

Missing User Warnings

Medium (99% confidence)
Finding
SSL certificate verification is disabled by default (`verify_ssl=False`), which allows man-in-the-middle attacks against supposedly HTTPS connections and makes credentials and cluster metadata vulnerable to interception or tampering. This is especially dangerous here because the tool connects to remote OpenSearch endpoints and may transmit basic-auth credentials supplied by users.

Ssd 3

Medium (93% confidence)
Finding
Including example live-cluster commands with inline credentials normalizes unsafe handling of sensitive access data and increases the chance that users will paste real secrets into commands, tickets, chats, or terminals. Because this skill is specifically marketed for live cluster analysis, the examples are more likely to be used against real infrastructure, magnifying the chance of credential exposure.

VirusTotal

63/63 vendors flagged this skill as clean.
