Eightctl
Security checks across malware telemetry and agentic risk
Overview
This skill is coherent and not malicious, but it deserves review because it can control a physical Eight Sleep device and uses sensitive account credentials with only partial confirmation guidance.
Install only if you trust the upstream eightctl CLI and are comfortable letting an agent operate your Eight Sleep pod. Require explicit confirmation for every device-changing command, protect the Eight Sleep credentials, and prefer pinning or reviewing the upstream CLI version before installation.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.