Bud Sudo Tool

Security checks across malware telemetry and agentic risk

Overview

This skill openly aims to automate sudo, but it stores a recoverable sudo password and enables broad unattended root command execution.

Install only if you fully trust every workflow that could invoke this helper and accept the risk of storing a reusable sudo credential. Prefer normal sudo prompts, limited sudoers rules for specific commands, or an OS-backed secret store over this general-purpose password replay tool.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration

Findings (8)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script is not limited to a narrow sudo helper; it becomes a generic root command runner by passing arbitrary user-supplied strings into `sudo -S bash -c "$CMD"`. In a skill ecosystem, that materially expands abuse potential because any dependent or chained skill can execute unrestricted shell commands as root once the password is stored.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The skill stores the user's sudo password in recoverable form: the encrypted blob and the decryption secret (`.salt`, used as the passphrase) are both stored locally, so compromise of the account or directory yields the plaintext password. This creates durable credential theft risk well beyond the immediate task and enables root access outside this tool.

Intent-Code Divergence

Low
Confidence
93% confidence
Finding
The temporary file containing the plaintext sudo password is only deleted on the normal success path. With `set -e`, failures, interrupts, or early exits can leave the password behind on disk, exposing credentials to later local compromise or forensic recovery.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill markets stored sudo-password replay as 'secure' without a prominent warning that it enables non-interactive root execution for arbitrary commands. In context, this is especially dangerous because the skill is intended as a reusable companion for other skills, turning compromise or misuse of any dependent workflow into full local privilege escalation.

Missing User Warnings

High
Confidence
88% confidence
Finding
Because the tool reuses a stored sudo password to run arbitrary root commands, lack of a strong execution-time warning and confirmation increases the chance of dangerous or unintended privileged execution. In the context of agent skills, this reduces friction for misuse and makes chaining with other skills more hazardous.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
    chmod 600 "$TMPFILE"
    echo "$PW" > "$TMPFILE"

    # Run sudo with password from temp file, then delete
    sudo -S bash -c "$CMD" < "$TMPFILE"
    rm -f "$TMPFILE"
}
Confidence
98% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
    echo "$PW" > "$TMPFILE"

    # Run sudo with password from temp file, then delete
    sudo -S bash -c "$CMD" < "$TMPFILE"
    rm -f "$TMPFILE"
}
Confidence
98% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
    echo "$PW" > "$TMPFILE"

    # Run sudo with password from temp file, then delete
    sudo -S bash -c "$CMD" < "$TMPFILE"
    rm -f "$TMPFILE"
}
Confidence
98% confidence
Finding
sudo -S

VirusTotal

64/64 vendors flagged this skill as clean.
