System Restoration

Security checks across malware telemetry and agentic risk

Overview

This looks like a real restoration runbook, but it can re-enable persistent automations, change production scripts, point to a Slack token location, and includes a data-source helper that returns mock operational data.

Install only if you operate the exact Ranger/Advantage HPE macOS environment described. Before using it, verify all scripts and plist files, confirm Slack token scope and channel IDs, review any cron or LaunchD changes, and do not use the browser data-source helper in live reporting until it fetches verified real data or fails closed instead of returning mock records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (24)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The documentation reveals a concrete local filesystem path to a file that stores a Slack bot token, effectively advertising where sensitive credentials reside. Even though the token value is redacted, exposing the path lowers the effort needed for credential discovery or targeting, especially in a restoration skill that may already operate with elevated local access.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
These steps instruct the user to overwrite a production script from a backup and immediately reload a persistent service, but provide no warning about configuration drift, code provenance, rollback validation, or production side effects. In a restoration skill, that makes accidental deployment of stale or unsafe code more likely and can silently reintroduce broken logic or insecure behavior.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The guide recommends replacing API access with browser automation without discussing credential storage, session handling, scraping of sensitive operational data, or privacy/compliance implications. Browser automation often expands the attack surface by requiring interactive credentials, cookies, local profiles, or broader data access than the original API.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs restarting a long-lived Slack bot in the background with '&' and only minimal verification, without warning about duplicate processes, orphaned jobs, log capture, credential exposure, or unintended message delivery. Backgrounding operational bots without supervision can create persistent uncontrolled behavior and make incident response harder.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The markdown instructs operators that Slack posting uses a local file containing the bot token but provides no warning or safeguards around secret handling. In practice, this normalizes direct credential access in reference material and increases the chance of accidental disclosure, misuse, or propagation into other tooling, logs, or prompts.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The checklist documents rollback steps that stop services, remove cron jobs, and kill processes, but it provides no warning, scoping guidance, or confirmation requirements before executing them. In an operational runbook, this can lead to accidental denial of service or over-broad disruption, especially because wildcard unloads and process-kill commands may affect multiple running automations at once.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# Load service (enable and start)
launchctl load ~/Library/LaunchAgents/com.ranger.SERVICENAME.plist

# Unload service (disable and stop)
launchctl unload ~/Library/LaunchAgents/com.ranger.SERVICENAME.plist
```
Confidence
75% confidence
Finding
launchctl load

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# Load service (enable and start)
launchctl load ~/Library/LaunchAgents/com.ranger.SERVICENAME.plist

# Unload service (disable and stop)
launchctl unload ~/Library/LaunchAgents/com.ranger.SERVICENAME.plist
```
Confidence
75% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
#### ☐ Restoration Steps
- [ ] Test script: `python3 reconciliation_report.py --no-email`
- [ ] Create cron job for 7:00 AM CT daily
- [ ] Verify channel posting

#### ☐ Success Criteria
Confidence
84% confidence
Finding
Create cron job for

Session Persistence

Medium
Category
Rogue Agent
Content
#### ☐ Restoration Steps
- [ ] Test script: `cd /Users/stephendobbins/.config/ranger/scripts && python3 margin_alerts.py`
- [ ] Load service: `launchctl load ~/Library/LaunchAgents/com.ranger.margin-alerts.plist`
- [ ] Verify posting: Check #margin-alerts for test alerts
- [ ] Check logs: `tail /tmp/margin_alerts.log`
Confidence
92% confidence
Finding
launchctl load

Session Persistence

Medium
Category
Rogue Agent
Content
#### ☐ Restoration Steps
- [ ] Test script: `cd /Users/stephendobbins/.config/ranger/scripts && python3 margin_alerts.py`
- [ ] Load service: `launchctl load ~/Library/LaunchAgents/com.ranger.margin-alerts.plist`
- [ ] Verify posting: Check #margin-alerts for test alerts
- [ ] Check logs: `tail /tmp/margin_alerts.log`
Confidence
92% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
#### ☐ Restoration Steps
- [ ] Restore backup: `cp pulse_os_full.py.bak pulse_os_full.py`
- [ ] Fix data sources: Add browser automation imports
- [ ] Load service: `launchctl load ~/Library/LaunchAgents/com.ranger.morning-pulse.plist`
- [ ] Test: `python3 pulse_os_full.py pulse`
- [ ] Verify sections: Low margin, stale estimates, revenue leaks, driver incidents
Confidence
92% confidence
Finding
launchctl load

Session Persistence

Medium
Category
Rogue Agent
Content
#### ☐ Restoration Steps
- [ ] Restore backup: `cp pulse_os_full.py.bak pulse_os_full.py`
- [ ] Fix data sources: Add browser automation imports
- [ ] Load service: `launchctl load ~/Library/LaunchAgents/com.ranger.morning-pulse.plist`
- [ ] Test: `python3 pulse_os_full.py pulse`
- [ ] Verify sections: Low margin, stale estimates, revenue leaks, driver incidents
Confidence
92% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
- [ ] No existing LaunchD service (needs creation)

#### ☐ Service Creation
- [ ] Create plist: Use `scripts/create-live-nudges-service.py` 
- [ ] Load service: `launchctl load ~/Library/LaunchAgents/com.ranger.live-nudges.plist`
- [ ] Test function: `python3 pulse_os_full.py nudges`
Confidence
87% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
#### ☐ Service Creation
- [ ] Create plist: Use `scripts/create-live-nudges-service.py` 
- [ ] Load service: `launchctl load ~/Library/LaunchAgents/com.ranger.live-nudges.plist`
- [ ] Test function: `python3 pulse_os_full.py nudges`

#### ☐ Success Criteria
Confidence
92% confidence
Finding
launchctl load

Session Persistence

Medium
Category
Rogue Agent
Content
#### ☐ Service Creation
- [ ] Create plist: Use `scripts/create-live-nudges-service.py` 
- [ ] Load service: `launchctl load ~/Library/LaunchAgents/com.ranger.live-nudges.plist`
- [ ] Test function: `python3 pulse_os_full.py nudges`

#### ☐ Success Criteria
Confidence
92% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
import os
from pathlib import Path

PLIST_CONTENT = '''<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
Confidence
94% confidence
Finding
PLIST

Session Persistence

Medium
Category
Rogue Agent
Content
from pathlib import Path

PLIST_CONTENT = '''<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
Confidence
93% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
from pathlib import Path

PLIST_CONTENT = '''<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
Confidence
93% confidence
Finding
PLIST

Session Persistence

Medium
Category
Rogue Agent
Content
PLIST_CONTENT = '''<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.ranger.live-nudges</string>
Confidence
93% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
</plist>'''

def create_service():
    """Create LaunchD service plist for live nudges"""
    launch_agents_dir = Path.home() / "Library" / "LaunchAgents"
    launch_agents_dir.mkdir(exist_ok=True)
Confidence
96% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
    launch_agents_dir = Path.home() / "Library" / "LaunchAgents"
    launch_agents_dir.mkdir(exist_ok=True)
    
    plist_file = launch_agents_dir / "com.ranger.live-nudges.plist"
    
    with open(plist_file, 'w') as f:
        f.write(PLIST_CONTENT)
Confidence
96% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
    launch_agents_dir = Path.home() / "Library" / "LaunchAgents"
    launch_agents_dir.mkdir(exist_ok=True)
    
    plist_file = launch_agents_dir / "com.ranger.live-nudges.plist"
    
    with open(plist_file, 'w') as f:
        f.write(PLIST_CONTENT)
Confidence
96% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
    plist_file = launch_agents_dir / "com.ranger.live-nudges.plist"
    
    with open(plist_file, 'w') as f:
        f.write(PLIST_CONTENT)
    
    print(f"✅ Created {plist_file}")
Confidence
98% confidence
Finding
plist

VirusTotal

65/65 vendors flagged this skill as clean.
