EMR Analyzer

Security checks across malware telemetry and agentic risk

Overview

This EMR diagnostic skill matches its stated purpose, but it needs review because it reads sensitive server logs/configs and uses unsafe shell command patterns.

Install only on trusted Linux cluster hosts and run with the least privilege needed. Review or patch the shell command handling before use on shared systems, and do not feed back raw logs or configs until tokens, passwords, internal hostnames, usernames, IPs, and customer data are redacted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_cmd(cmd):
    """执行命令"""
    try:
        result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=60)
        return result.stdout.strip(), result.stderr.strip(), result.returncode
    except Exception as e:
        return "", str(e), 1
Confidence
96% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=60)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_cmd(cmd):
    """执行命令"""
    try:
        result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=30)
        return result.stdout.strip(), result.stderr.strip(), result.returncode
    except Exception as e:
        return "", str(e), 1
Confidence
97% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=30)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_cmd(cmd):
    """执行命令并返回输出"""
    try:
        result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=30)
        return result.stdout.strip(), result.stderr.strip(), result.returncode
    except Exception as e:
        return "", str(e), 1
Confidence
97% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=30)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrase for cluster-wide health analysis is broad enough to match normal conversational requests, which could cause the skill to launch diagnostic commands unexpectedly. In this skill's context, that means potentially probing many services and reading host state when the user may have only asked for general advice.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The log-analysis examples are ambiguous and overlap with ordinary requests for troubleshooting help, so the skill may interpret pasted errors or generic questions as authorization to inspect real service logs. Because log analysis accesses potentially sensitive operational data, accidental activation increases privacy and security risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill description markets diagnostics and optimization but does not clearly warn that it may access service logs, configuration files, ports, and process information on target Linux hosts. This omission undermines informed consent and can expose sensitive information such as internal topology, credentials in configs, and operational metadata.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Commands in `get_log_files` are constructed from interpolated values, including the user-influenced `lines` parameter, without validation or any safety boundary. Because these strings are passed to a shell, an attacker can inject additional shell metacharacters and execute arbitrary commands under the script's privileges.

VirusTotal

67/67 vendors flagged this skill as clean.
