Static Webhost

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed static-site hosting helper that needs administrator access for expected web-server changes, with no evidence of hidden or unrelated behavior.

Install only if you want an agent to help publish static files through the machine's Caddy or Nginx setup. Confirm every sudo/root command, back up existing web-server configuration and /var/www/html before changes, and make sure no private files are copied into a public web root.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 94%
Finding
The skill advertises broad trigger phrases like '做个网页' ("make a web page"), '部署一下' ("deploy it"), and '让我能访问' ("let me access it"), which are common everyday requests and can cause the skill to be invoked in situations where the user did not clearly ask for privileged web-server deployment. Because this skill performs root-level file writes and service/config changes, accidental invocation materially increases the chance of unsafe system modification.

VirusTotal

62/62 vendors flagged this skill as clean.
