
Security audit

Computer

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not malicious, but it gives very broad system administration guidance with weak safety boundaries around high-impact actions.

Install only if you intentionally want broad system-administration guidance available to your agent. Before using it, require explicit approval for sudo/admin commands, process termination, service restarts, crontab edits, packet capture, remote commands, disk benchmarks, kernel/sysctl tuning, and any report sent to email or Slack.

SkillSpector (by NVIDIA)
Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Context-Inappropriate Capability
Medium, 90% confidence
Finding: The skill documents packet capture and traffic inspection tools such as tcpdump and Wireshark, which materially extend its scope from local hardware/system management into network surveillance. That expansion increases privacy and misuse risk, especially because the skill does not present clear authorization or consent constraints for inspecting traffic.

Context-Inappropriate Capability
High, 97% confidence
Finding: The remote execution examples (computer remote --host ... and ssh admin@server01 ...) broaden the skill from local computer understanding into remote administration. This is dangerous because it enables command execution on other systems and can be abused for lateral movement or unauthorized access if the skill is invoked too broadly.

Vague Triggers
High, 94% confidence
Finding: The top-level description claims authority over 'everything about the physical machine' and frames the skill as universal computer management, making the triggering criteria excessively broad. Overbroad activation can cause the agent to select this powerful skill for many unrelated requests, unintentionally exposing users to invasive diagnostics, privileged commands, or system-changing actions.

Vague Triggers
Medium, 88% confidence
Finding: The applicable-scenarios section lists many generic phrases that could match ordinary requests without clarifying which actions are safe, read-only, or privileged. This weakens invocation boundaries and increases the chance the skill is selected in contexts where the user did not intend diagnostic, optimization, or potentially disruptive operations.

Missing User Warnings
High, 95% confidence
Finding: This section includes numerous destructive or system-altering commands, such as kill -9, renice, service restarts, cron editing, scheduler tuning, cache dropping, and device-level I/O changes, without strong safety gating. In a skill context, presenting these as normal operations can lead an agent or user to impair system stability, data integrity, or availability without appreciating the consequences.

Missing User Warnings
Medium, 89% confidence
Finding: The examples include packet capture, and the file elsewhere includes remote execution, but the skill does not warn about privacy, consent, credential exposure, or authorization boundaries. That omission is dangerous because these actions can expose sensitive data or facilitate access beyond the local system while appearing to be routine diagnostics.

VirusTotal

66/66 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.