Back to skill

Security audit

Server Watchdog

Security checks across malware telemetry and agentic risk

Overview

This server monitoring skill is purpose-related, but it gives agents high-impact server control and persistent auto-restart behavior with weak safeguards.

Review before installing. Use it only on servers where automatic MongoDB restarts are explicitly acceptable, edit all hostnames, paths, chat IDs, and alert text first, prefer SSH keys with verified host keys, pin dependencies, and require human approval for restarts in production environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The documented behavior exceeds the stated high-level purpose and includes actions such as local service control, watchdog deployment, and service-specific operational logic. That mismatch is dangerous because users may invoke a seemingly generic monitoring skill without realizing it can perform state-changing actions on systems, increasing the chance of unauthorized restarts, unintended persistence, or use outside the expected scope.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation language is broad enough that the skill could trigger on ordinary status or troubleshooting requests, causing SSH-based inspection or even follow-on remediation in contexts where the user did not intend to authorize operational access. In a skill that can inspect remote systems and restart services, over-broad routing materially increases the risk of unintended execution.

Missing User Warnings

High
Confidence
93% confidence
Finding
The skill describes automatic restarts and deployment of monitoring components without prominent user-facing warnings that these actions modify remote systems. In the context of remote server administration, this is especially risky because restarting services or installing watchdogs can cause downtime, alter persistence, or violate change-control expectations.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The password-based SSH example disables host key verification with `StrictHostKeyChecking=no`, which makes man-in-the-middle interception of credentials and session contents much easier. Because this skill is intended for remote server administration, encouraging insecure SSH usage directly endangers privileged access to production infrastructure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/mongodb-watchdog.js:89