Huawei Device Inspector

Security checks across malware telemetry and agentic risk

Overview

The skill’s Huawei device inspection purpose is plausible, but it includes live-looking router and switch login details and unsafe SSH guidance that should be reviewed before use.

Review before installing or sharing. Treat the listed password as exposed: remove the hardcoded device details, rotate the credential if it was ever real, verify host keys instead of disabling checks, and only run the skill against devices you are explicitly authorized to inspect.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

High

Confidence: 99% confidence
Finding: The skill embeds plaintext management IPs, usernames, and passwords for network infrastructure devices directly in documentation. This is a real credential exposure issue: anyone with access to the skill can use the secrets to attempt administrative access to production networking equipment, and the included SSH example also disables host key verification, increasing the chance of unsafe operational use.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill instructs users to SSH into production network devices and collect security and alarm data, but provides no warning about authorization, privacy, logging sensitivity, or possible operational impact. In context, this is more dangerous because the same document also supplies live-looking admin credentials and targeting details, making misuse immediately actionable rather than theoretical.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal