Remote Desktop Support

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent remote-support tool, but it opens a live desktop through a public tunnel while temporarily weakening desktop protections, so users should review it before installing.

Install only if you specifically want this machine's live GNOME desktop to be reachable through a temporary browser link. Use dry-run and preflight first, keep view-only unless control is necessary, treat one-click URLs like passwords, verify close/status after use, and avoid using it where disabling the screen lock or relying on a public tunnel is unacceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 94%
Finding:
The skill description understates several sensitive behaviors that materially change the risk profile: disabling screen-lock protections, optionally unlocking the active session, weakening GNOME VNC encryption, and modifying firewall/system settings. In a remote-desktop skill, these actions can expose the live user session, reduce local desktop protections, and create a path to unauthorized observation or control if the tunnel URL/token or host state is mishandled.

Missing User Warnings

Medium
Confidence: 90%
Finding:
The open command performs highly sensitive actions immediately: it can unlock the current desktop session, disable idle locking, enable VNC with no encryption, start a web-accessible remote desktop stack, and expose it through a public Cloudflare tunnel. Although the code emits output after setup, there is no mandatory interactive confirmation or just-in-time warning at execution time, increasing the chance of accidental exposure of the live user session and credentials.

VirusTotal

66/66 vendors flagged this skill as clean.
