rpm-ostree Toolkit — Fedora Atomic / Bazzite Manager

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only rpm-ostree administration skill with powerful but clearly relevant system-management commands.

Install this only if you want an agent to help administer rpm-ostree systems. Treat suggested commands as privileged system changes: verify remote RPMs and rebase images, inspect current deployments before cleanup or rollback changes, and keep a recovery or rollback option available before rebooting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 82%
Finding
The skill documents installing RPMs from arbitrary URLs and rebasing to remote container/ostree sources without emphasizing trust verification. This can lead users to fetch and deploy untrusted software or whole OS images, which is especially dangerous on a privileged system-management path and could result in full system compromise or persistent malicious deployments.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill provides numerous high-impact commands such as rollback, rebase, override, uninstall, kernel-arg modification, and cleanup without consistent warnings about consequences, preconditions, or recovery steps. Even if the commands are legitimate, presenting them without caution increases the chance of accidental service disruption, boot issues, package loss, or unintended rollback/rebase of the host.

VirusTotal

66/66 vendors flagged this skill as clean.
