linux-forensics-automation

Security checks across malware telemetry and agentic risk

Overview

The available files do not substantiate the scanner’s claim of hidden forensic data collection or external sharing.

Install only if the skill version shown to you matches the reviewed files. If a different SKILL.md mentions collecting logs, users, processes, secrets, uploads, or email delivery, review that data flow carefully and require explicit confirmation before any external sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill is explicitly designed to collect highly sensitive forensic data and then upload or email it externally, but the top-level description does not prominently warn about privacy, data sensitivity, or external transmission. This increases the chance that users invoke it in routine workflows without understanding that system logs, users, processes, and potentially secrets may be exfiltrated to third-party services.

VirusTotal

64/64 vendors flagged this skill as clean.
