onescience-installer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real remote installer, but it requires broad automatic inspection of local SSH configuration before the user chooses or confirms a host.

Review before installing. Use it only if you are comfortable letting the agent inspect SSH configuration and run commands on a remote cluster account. Prefer asking it to show a redacted host list, confirm the exact host and domain, and show the full remote command plan before execution.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs the agent to read the user's local ~/.ssh/config before any other action, which can expose sensitive hostnames, usernames, key paths, proxy settings, and internal infrastructure details without any warning, minimization, or consent step. In this context, the access is not strictly necessary to answer high-level installation questions and creates unnecessary local secret discovery risk in a skill that otherwise claims to operate remotely.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal