Security audit

Sys Health Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward local system health monitor, with some minor disclosure and trigger-scope issues but no evidence of credential access, exfiltration, destructive behavior, or hidden persistence.

Install this only if you are comfortable with the agent inspecting and displaying local system resource metrics and process names. For sensitive machines, review the unpinned psutil dependency and run watch mode only when you intentionally want continuous foreground monitoring.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 92%
Finding:
The skill advertises monitoring CPU, memory, disk, and network connections, but the analysis indicates it also enumerates process information and reports network traffic statistics instead of actual connection state. This mismatch can cause users to authorize or invoke the skill under false assumptions, exposing more system information than expected and weakening informed consent and least-privilege expectations.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
Broad trigger phrases like '系统监控' ("system monitoring") and '服务器状态' ("server status") can cause the skill to activate for generic requests without clear boundaries, increasing the chance of unintended execution. In a monitoring skill that may inspect sensitive host state, accidental activation can reveal system details or run checks the user did not specifically request.

VirusTotal

64/64 vendors flagged this skill as clean.
