Sparkey

Security checks across malware telemetry and agentic risk

Overview

Sparkey is a real temporary SSH-access tool, but it needs review because it uses root-level account and SSH authority while some security claims and host-scoping are under-disclosed.

Install only if you are comfortable reviewing and running privileged SSH administration scripts. Use dry-run first, run scripts only on the intended host, prefer diagnostic mode with an agent-provided public key, avoid full/PTY mode unless explicitly needed, protect and rotate the CA key, ensure cleanup scheduling works, and audit/revoke after each session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 99%
Finding
The security manifest states there are zero network calls and no data transmission, but the skill's documented workflow explicitly performs SSH, port checks, and remote host operations. This is a material misrepresentation that can mislead reviewers, users, or automated policy engines into underestimating the skill's reach and risk.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The script advertises command-only temporary access by default, but the created account is assigned /bin/bash and the 'full' profile deliberately omits a forced command. In CA mode, if --with-pty is used with profile=full, the certificate only disables PTY by default unless explicitly overridden, so an operator can unintentionally provision broad interactive shell access that exceeds the documented and expected restriction model.

Hidden Instructions

High
Category: Prompt Injection
Content
<text x="170" y="90" text-anchor="middle" dominant-baseline="central" style="fill:rgb(175, 169, 236);stroke:none;color:rgb(255, 255, 255);stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;opacity:1;font-family:&quot;Anthropic Sans&quot;, -apple-system, &quot;system-ui&quot;, &quot;Segoe UI&quot;, sans-serif;font-size:12px;font-weight:400;text-anchor:middle;dominant-baseline:central">nc -z -w 2 target 22</text>
</g>

<!-- Step 2: Generate keypair -->
<g onclick="sendPrompt('What key type does sparkey use?')" style="fill:rgb(0, 0, 0);stroke:none;color:rgb(255, 255, 255);stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;opacity:1;font-family:&quot;Anthropic Sans&quot;, -apple-system, &quot;system-ui&quot;, &quot;Segoe UI&quot;, sans-serif;font-size:16px;font-weight:400;text-anchor:start;dominant-baseline:auto">
<rect x="60" y="128" width="220" height="56" rx="8" stroke-width="0.5" style="fill:rgb(60, 52, 137);stroke:rgb(175, 169, 236);color:rgb(255, 255, 255);stroke-width:0.5px;stroke-linecap:butt;stroke-linejoin:miter;opacity:1;font-family:&quot;Anthropic Sans&quot;, -apple-system, &quot;system-ui&quot;, &quot;Segoe UI&quot;, sans-serif;font-size:16px;font-weight:400;text-anchor:start;dominant-baseline:auto"/>
<text x="170" y="148" text-anchor="middle" dominant-baseline="central" style="fill:rgb(206, 203, 246);stroke:none;color:rgb(255, 255, 255);stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;opacity:1;font-family:&quot;Anthropic Sans&quot;, -apple-system, &quot;system-ui&quot;, &quot;Segoe UI&quot;, sans-serif;font-size:14px;font-weight:500;text-anchor:middle;dominant-baseline:central">2. Generate Ed25519 key</text>
Confidence: 88%
Finding
<!-- Step 2: Generate keypair --> <g onclick="sendPrompt('What key type does sparkey use?')" style="fill:rgb(0, 0, 0);stroke:none;color:rgb(255, 255, 255);stroke-width:1px;stroke-linecap:butt;stroke-l

VirusTotal

66/66 vendors flagged this skill as clean.
