Back to skill

Security audit

Bohrium Job Management

Security checks across malware telemetry and agentic risk

Overview

This Bohrium job-management skill is coherent and disclosed, but users should handle credentials carefully and confirm destructive job actions.

Install only if you use Bohrium and trust the bohr CLI installer source. Store ACCESS_KEY securely, do not expose returned file tokens, and require explicit confirmation with exact job or group IDs before kill, delete, terminate, rename, or batch submission actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
80% confidence
Finding
The API supplement expands behavior beyond the stated scope of submitting, listing, killing, deleting, logging, and monitoring jobs by including rename operations for jobs and job groups. Scope creep increases the chance an agent performs unexpected state-changing actions the user did not request or authorize.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The documented call to view job configuration returns a file-access token, which is a sensitive capability not necessary for ordinary job management. Exposing or normalizing retrieval of such tokens increases the risk of unauthorized file access, token leakage in logs, or downstream misuse by an agent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documents destructive operations such as kill and delete without a required warning, dry run, or confirmation step. In an agent setting, this raises the likelihood of accidental irreversible job termination, result loss, and deletion of records from ambiguous or loosely worded user requests.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The API example reads an authentication credential from the environment and performs authenticated network requests, but the skill description does not clearly warn users that secrets will be consumed and transmitted to an external service. That omission weakens informed consent and increases the chance of unintentional credential exposure or unnoticed outbound data flow.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.