Incident Response Network

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate network forensics guide, but it is labeled read-only while telling users to run packet captures and save sensitive evidence files on live network devices.

Install only for authorized incident-response work, and treat it as a mixed-impact network forensics playbook rather than a read-only skill. Before using capture, export, support-bundle, or running-config commands, get approval, limit scope and duration, check CPU and storage, protect evidence files as sensitive data, and define transfer, retention, and cleanup steps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The skill repeatedly claims that all commands are read-only, but the documented workflow includes starting packet captures and exporting evidence files, which writes data to device storage and changes device runtime state. This mismatch can mislead operators, bypass safety guardrails that rely on metadata, and cause unintended modification of production network devices during an incident.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The metadata advertises the skill as read-only, but the procedures include redirect, save, and export operations to flash or temporary storage. Systems or reviewers that trust the metadata may authorize the skill in environments intended to forbid writes, creating a policy-bypass condition and increasing the chance of unintended evidence collection on live infrastructure.

Intent-Code Divergence

High
Confidence: 97%
Finding
The text states that all commands are read-only, but later instructions explicitly start monitor captures and write artifacts to storage. This internal contradiction is dangerous because users may trust the safety claim and run commands on sensitive network devices without realizing they are initiating active collection and local writes.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
This section includes operational commands that change device state by starting captures and configuring mirror sessions, even though the skill frames itself as focused on read-only evidence collection and verification. In an incident setting, these actions can consume CPU, alter forwarding/monitoring state, and create availability or evidentiary risks if an operator assumes everything listed is passive and safe.

Intent-Code Divergence

High
Confidence: 97%
Finding
The file asserts commands are read-only unless explicitly noted, but later includes commands that create captures, save files, invoke shell tools, and configure monitoring without consistently marking them as non-read-only. That mismatch can mislead responders into executing intrusive actions under the false assumption they are harmless, increasing operational and forensic risk during an incident.

Description-Behavior Mismatch

Medium
Confidence: 87%
Finding
The evidence-preservation section expands beyond the stated scope of network artifacts by collecting full support bundles and running configurations, which may include credentials, keys, topology, and unrelated administrative data. In a narrowly scoped incident-response skill, this broad collection increases unnecessary exposure and can violate least-collection principles.

Missing User Warnings

Low
Confidence: 90%
Finding
The packet capture step creates files on device storage and can affect CPU or storage utilization, but the step does not give a clear up-front warning that this is a write operation with operational impact. In incident conditions, operators may execute it quickly and inadvertently consume local storage, affect performance, or violate evidence-handling or change-control expectations.

Missing User Warnings

Low
Confidence: 91%
Finding
The technical support collection commands generate potentially large files on local flash or temporary storage without a prominent warning in the step itself. On constrained network devices, this can consume storage, prolong command execution, and create unintended operational or evidence-management side effects during an active incident.

Missing User Warnings

Medium
Confidence: 90%
Finding
Packet capture and export commands can collect payloads, credentials, session tokens, internal communications, and regulated data, yet the documentation does not warn users about the sensitivity or legal/privacy implications of collecting and storing this content. In incident response, that omission can lead to overcollection and insecure handling of highly sensitive evidence.

Missing User Warnings

Medium
Confidence: 92%
Finding
Saved support outputs and running configurations often contain sensitive security material such as SNMP communities, local usernames, secrets, management IPs, ACLs, and architecture details, but the section does not warn about that exposure. This is especially risky in an incident-response context because responders may widely distribute or retain these files as evidence without applying proper protections.

VirusTotal

64/64 vendors flagged this skill as clean.
