Adblock Dns

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate DNS ad blocker, but it asks users to install and run privileged service code that is missing from the submitted artifact and therefore cannot be reviewed.

Review before installing. Do not run setup.sh, dns-server.js, or grant sudo unless the publisher provides the referenced implementation files for inspection. If you deploy it, confirm the API is bound to localhost or otherwise protected, understand that DNS logs may expose browsing behavior across configured devices, and verify how to disable and remove the service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly states that all DNS queries are logged, but it does not prominently disclose that DNS logs can reveal sensitive browsing behavior for all devices using the service. In a network-wide DNS sinkhole context, this creates a real privacy risk because users may unintentionally collect or expose household or organizational browsing metadata.

Sudo/Root Execution

Medium
Category: Privilege Escalation
Content
sudo systemctl start adblock-dns     # Start
sudo systemctl stop adblock-dns      # Stop
sudo systemctl restart adblock-dns   # Restart
sudo systemctl status adblock-dns    # Check status
journalctl -u adblock-dns -f         # View logs

# Remove completely
Confidence: 88%
Finding
sudo

VirusTotal

57/57 vendors flagged this skill as clean.
