smb-auto-mount

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it makes persistent root-level mount changes and stores SMB passwords on disk, so it belongs in Review rather than automatic install.

Install only if you are comfortable granting sudo/root access to modify /etc/fstab and storing the SMB password on this machine. Use a low-privilege SMB account, back up /etc/fstab first, review the exact mount entry and credential file path, and remove or rotate the credential file when you stop using the mount.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The script persistently stores the SMB username and password in a file under /etc, which creates a long-lived secret on disk and does so without clearly warning the operator before making that security-sensitive change. Although permissions are restricted to 0600, plaintext credential storage increases exposure through backups, accidental disclosure, root compromise, or later mishandling of the file.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script appends a new entry directly to /etc/fstab, creating a persistent system configuration change without any confirmation or preview. This can cause unintended automatic mount behavior on future boots and may impact system availability or security if the mount target, credentials, or options are incorrect.

VirusTotal

61/61 vendors flagged this skill as clean.
