tunneling

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says by creating a public SSH tunnel to a local port, but it can expose local services to the internet without a required warning or confirmation step.

Install only if you understand that using it can make a local service reachable from the public internet. Before running it, confirm the exact port, avoid admin/debug/private endpoints, and make sure you know how to stop the background SSH tunnel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill description is broad enough that an agent could invoke it in routine 'share my app' or webhook-testing contexts without clearly confirming the user wants public internet exposure. Because the action creates an externally reachable tunnel to a local service, accidental invocation can disclose development systems or sensitive local endpoints that were never meant to be public.

Missing User Warnings

High
Confidence: 97%
Finding
The skill instructs the agent to expose localhost services to the public internet but does not require a security/privacy warning or explicit informed consent about the consequences. Local apps often assume trusted localhost access and may lack authentication, rate limiting, or hardened configuration, so publishing them can lead to unauthorized access, data leakage, SSRF pivoting, or compromise of development environments.

VirusTotal

64/64 vendors flagged this skill as clean.
