Back to skill

Security audit

Docker Compose Generator

Security checks across malware telemetry and agentic risk

Overview

This is a small Docker Compose template generator with an overwrite caveat, but no evidence of hidden access, exfiltration, persistence, or destructive intent.

Reasonable to install if you want a simple compose-file helper. Before running it, choose the output path carefully and avoid existing important files; also review the generated compose file because it currently appears limited to MySQL and Redis despite broader documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script writes directly to a user-controlled output path using shell redirection, which will truncate and overwrite any existing file without warning. If the caller supplies an important path by mistake or an attacker can influence the argument, this can cause destructive file clobbering and potentially break configuration or startup files.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.