Back to skill

Security audit

SRE Log Analytics

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only SRE log analysis skill; it may handle sensitive logs, but that access is disclosed and aligned with its purpose.

Install this only if you want the agent to inspect logs that you explicitly identify. Provide specific file paths and time ranges, avoid unnecessary privileged logs, redact secrets or personal data when possible, and review any saved or shared report before it leaves the conversation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation guidance uses very broad phrases like 'check logs' and 'analyze system operation', which can match ordinary user requests without clear constraints or confirmation. This can cause the skill to activate unexpectedly and access or summarize potentially sensitive operational logs in contexts where the user did not explicitly intend to invoke this workflow.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The Chinese guidance repeats the same issue with broad trigger phrases such as '检查日志' and '分析系统运行情况', which are common requests and may over-match benign conversation. In a log-analysis context, unintended activation is more dangerous because logs often contain sensitive system, user, or security telemetry that could be exposed or processed without sufficiently explicit consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.