Security audit

DOSBox

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward DOSBox helper that only detects local emulator installs and creates user-directed configuration files.

Safe to install for DOSBox setup tasks. Review generated .conf files and launch commands before running them, make sure output paths point where you expect, and only run DOS games, installers, or ISO files from sources you trust.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 78% confidence
Finding: The skill instructs the agent to generate and edit DOSBox configuration files on disk without explicitly requiring user confirmation before modifying files. In context this is low severity because the files are ordinary emulator configs, but it can still lead to unintended file changes, overwrites, or edits to the wrong config when users expect read-only guidance.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.