Security audit

github-dns-helper

Security checks across malware telemetry and agentic risk

Overview

This GitHub DNS helper has a real purpose, but it weakens hosts-file protections and can run shell commands built from custom URL input.

Review carefully before installing or running. Do not apply the suggested permanent ownership change to /etc/hosts, do not pass untrusted custom URLs, and inspect the hosts entries before writing them. Prefer running any hosts-file change as a one-time administrator action that keeps the file root-owned afterward.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Behavioral ASTexec() Call, eval() Call, Dynamic Import
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (3)

subprocess module call

Medium

Category: Dangerous Code Execution
Content: def run_command(cmd, sudo=False): if sudo: cmd = f"sudo {cmd}" result = subprocess.run(cmd, shell=True, capture_output=True, text=True) return result.returncode, result.stdout, result.stderr
Confidence: 98% confidence
Finding: result = subprocess.run(cmd, shell=True, capture_output=True, text=True)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill invokes a Python script, instructs users to run shell commands, and appears to modify system files, but it declares no permissions. This creates a transparency and consent problem: the agent/user may not realize the skill can read and write sensitive files such as the hosts file and execute shell actions with system impact.

Sudo/Root Execution

Medium

Category: Privilege Escalation
Content: - 直接以管理员身份运行命令提示符或 PowerShell 即可 ⚠️ **此操作必须由用户在系统终端中手动执行** 执行后，脚本将不再需要 sudo 权限，可以免密码运行 ### 仅检查连接状态
Confidence: 82% confidence
Finding: sudo

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.