Back to skill

Security audit

Hostinger

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Hostinger management skill, but it gives an agent broad control over live servers, DNS, domains, Docker deployments, firewalls, SSH keys, and account data without built-in safety gates.

Install only if you intend to let an agent administer real Hostinger resources. Use the least-privileged API token available, protect and rotate the token, and require explicit human approval before reset, restore, recreate, delete, nameserver, root-password, SSH-key, firewall, billing, or Docker deployment actions, especially when a compose file or URL comes from outside your control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly performs sensitive file reads and network-backed account operations, but it does not declare permissions or constraints to signal those capabilities. This increases the chance of unintended invocation and weakens policy enforcement around access to local secrets like the API token and remote infrastructure actions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The documented purpose understates the full administrative power of the skill, while the underlying behavior includes highly sensitive actions such as root password changes, VPS recreation, hostname changes, SSH key attachment, and WHOIS profile access. This mismatch can mislead users or orchestrators into invoking the skill in contexts where they did not intend to authorize such privileged operations.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation description is broad enough to match many generic hosting or deployment requests, which can cause the skill to be selected when a user only wanted advice rather than direct account changes. In a skill that can alter DNS, billing-visible assets, and VPS state, overbroad triggering materially raises the risk of accidental destructive actions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The VPS operations section includes start, stop, restart, snapshot restore, and backup-related actions without warning that they can interrupt service, overwrite state, or cause downtime. In an infrastructure-management skill, omitting impact warnings makes accidental outages more likely when users treat examples as routine safe commands.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
DNS update, reset, and snapshot restore operations can break web, email, and verification services, yet the documentation provides no warning about propagation delays, rollback planning, or outage risk. Because DNS changes often have broad blast radius and delayed visibility, users may unintentionally disrupt production systems.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The documented Docker down/delete command can remove running services and potentially associated resources, but there is no warning about service interruption or data persistence implications. In a deployment skill, presenting deletion commands without caution increases the chance of accidental takedown of production workloads.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Firewall rule creation and activation can immediately block legitimate traffic or lock administrators out of a VPS, yet the documentation lacks any warning about access-loss scenarios. In remote infrastructure management, this omission is especially dangerous because a single mistaken rule can sever recovery paths and cause prolonged outage.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.