Back to skill

Security audit

Domain Dns Ops

Security checks across malware telemetry and agentic risk

Overview

This is a focused DNS operations skill with powerful but disclosed domain-management actions that fit its stated purpose.

Install this only if you intentionally use the ~/Projects/manager workflow. Before running it, confirm the exact domain, registrar, Cloudflare zone, redirect target, token permissions, and rollback plan; treat nameserver flips, redirects, and disabling bot protections as live production changes requiring explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly enables high-impact DNS and redirect changes such as onboarding zones, flipping nameservers, and configuring redirects, but it does not include a clear warning that these actions can immediately affect production traffic, email delivery, and TLS behavior. In an agent setting, the absence of explicit safety gating increases the chance of unintended live-service disruption from routine use or ambiguous user prompts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.