
Security audit

步步为营

Security checks across malware telemetry and agentic risk

Overview

This DevOps skill is coherent, but it needs review because it can steer agents toward builds, deployments, rollbacks, and environment inspection without enough scoping or approval guidance.

Review before installing. Use this as a DevOps checklist and script bundle, not an autonomous deployment tool. Confirm the git diff, package scripts, Docker target, Kubernetes context, namespace, environment, and production authorization before running build, canary, rollback, health-check, or log-inspection commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill declares command-line dependencies and embeds numerous shell commands that can build, deploy, roll back, and inspect systems, but it does not declare corresponding permissions or execution boundaries. This creates a mismatch between apparent capability and stated security model, increasing the risk that an agent may invoke impactful shell actions without explicit authorization controls.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The activation guidance is very broad: it triggers on generic requests for complex application development, CI/CD, or DevOps tasks. In an agent-skill system, this can cause the skill to activate for a wide range of common requests and steer the agent into executing operationally sensitive actions such as builds, deployments, rollbacks, health checks, and security scans without sufficiently narrow scoping or explicit user confirmation. The surrounding content includes command examples and automation steps, which increases the practical risk of overreach once activated.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The activation guidance is very broad, covering complex app development, CI/CD, and DevOps tasks without tight scoping or eligibility checks. A broadly triggered skill with shell-oriented operational guidance can be invoked in many contexts, increasing the chance of inappropriate assistance for sensitive repository, infrastructure, or production actions.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The examples instruct the agent to perform impactful actions such as pushing images, canary release progression, and rollback in response to broad user prompts, without explicit production-risk warnings or confirmation gates. In an agent context, examples strongly shape behavior, so these patterns can normalize unsafe execution against real environments.

VirusTotal

62/62 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.