Qwen Qwen3 5

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for running a local Ollama Herd Qwen setup, with the main caution being its reliance on an external PyPI package and local service endpoints.

Before installing, review the `ollama-herd` PyPI package and repository because `pip install` executes third-party code. Run the router only on networks you intend to trust, and treat the dashboard/status endpoints and ~/.fleet-manager logs as local operational data that may reveal usage details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill is marketed and named as a Qwen 3.5 model-serving skill, but the documentation also exposes unrelated capabilities such as other LLMs, image generation, embeddings, monitoring endpoints, and dashboard access. This expands the operational scope beyond user expectation and can lead agents or users to invoke features with different risk profiles, especially local service and observability endpoints that may disclose data or enable unintended actions.

VirusTotal

VirusTotal findings are pending for this skill version.
