Back to skill

Security audit

Phpmyadmin Manager

Security checks across malware telemetry and agentic risk

Overview

This skill transparently starts and stops a local phpMyAdmin Docker UI, with manageable caution around broad triggers and database admin access.

Install this only if you want a local phpMyAdmin interface for a development MySQL container. Review the broad trigger phrases, avoid relying on the default MySQL root password of secret, and remember that the container may continue running after reboot until stopped.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
80% confidence
Finding
The trigger 'start phpmyadmin' can shadow or interfere with a built-in 'start' command family, creating command-routing ambiguity. If the agent resolves this skill unexpectedly, it could start a Dockerized admin interface and expose database management functionality on localhost without the user intending to invoke this specific skill.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
80% confidence
Finding
The trigger 'stop phpmyadmin' similarly conflicts with a built-in 'stop' command family and may capture requests meant for a different target. In this skill, unintended invocation could stop the phpMyAdmin container unexpectedly, disrupting local database administration workflows and creating confusion about what component was actually stopped.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.