Back to skill

Security audit

Pentest Interactive

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate manual penetration-testing guide, but it understates the risk of commands that can change state, execute probes, or stress a live service.

Install only if you intend to use it for authorized security testing. Before running any command, confirm written scope, target environment, test accounts, rate limits, monitoring, rollback expectations, and whether state-changing or service-impacting probes are allowed; avoid using the 'Run All' path on production systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The skill repeatedly characterizes itself as 'read-safe' and non-destructive, yet includes active exploitation and state-changing probes such as login POSTs, admin promotion attempts, registration, LLM prompt extraction, and resource-exhaustion payloads. This mismatch can cause an agent or user to underestimate operational risk and execute intrusive tests against live systems without appropriate safeguards.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The SQL injection section is labeled passive and read-only, but includes a time-based payload using pg_sleep(5), which intentionally consumes server resources and changes runtime behavior. Even without data modification, this is an active exploitation technique and can impact production performance or evade user expectations about safety.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The command injection section claims to use passive, harmless payloads but includes a whoami execution probe, which attempts to trigger server-side command execution. That is an active exploit attempt and may execute code on the target if vulnerable, making the safety labeling materially misleading.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The execution flow encourages copying and running penetration-testing commands but does not clearly foreground that many steps can be intrusive, state-changing, or service-impacting. In this context, the methodology framing makes the omission more dangerous because it normalizes broad test execution across phases with insufficient risk gating.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The authentication examples send login requests and inspect cookies but omit warnings that these actions may create sessions, trigger account lockouts, generate audit logs, or alert monitoring systems. In real environments, repeated auth probing can affect user accounts and incident-response workflows even if credentials are only test values.

Missing User Warnings

High
Confidence
98% confidence
Finding
The business-logic section includes oversized-payload and workflow-abuse probes without an immediate, explicit warning that they can degrade service, exhaust resources, or alter transactional state. Because these examples directly test availability and transaction handling, the missing warning materially increases the chance of accidental disruption.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal, suspicious.prompt_injection_instructions

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:150

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
SKILL.md:180