Blucli
Security checks across malware telemetry and agentic risk
Overview
The skill appears to be a straightforward BluOS control helper that installs and uses a BluOS CLI, with no scanner evidence of hidden or malicious behavior.
This looks safe to install for controlling BluOS players, but it will fetch an unpinned Go module at install time. Users with strict supply-chain requirements should pin or review the upstream `blucli` version before installing.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.