Back to skill

Security audit

github-dns-helper

Security checks across malware telemetry and agentic risk

Overview

This GitHub DNS helper has a real purpose, but it weakens hosts-file protections and can run shell commands built from custom URL input.

Review carefully before installing or running. Do not apply the suggested permanent ownership change to /etc/hosts, do not pass untrusted custom URLs, and inspect the hosts entries before writing them. Prefer running any hosts-file change as a one-time administrator action that keeps the file root-owned afterward.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_command(cmd, sudo=False):
    if sudo:
        cmd = f"sudo {cmd}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.returncode, result.stdout, result.stderr
Confidence
98% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill invokes a Python script, instructs users to run shell commands, and appears to modify system files, but it declares no permissions. This creates a transparency and consent problem: the agent/user may not realize the skill can read and write sensitive files such as the hosts file and execute shell actions with system impact.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- 直接以管理员身份运行命令提示符或 PowerShell 即可

  ⚠️ **此操作必须由用户在系统终端中手动执行**
  执行后,脚本将不再需要 sudo 权限,可以免密码运行

### 仅检查连接状态
Confidence
82% confidence
Finding
sudo

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.