mkisofs

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only ISO image creation skill with expected local file and mount examples, not hidden or automatic behavior.

Reasonable to install if you need ISO-building assistance. Before letting an agent run examples, confirm the source and output paths, use temporary directories when possible, and explicitly approve package installation, mount, extract, overwrite, add, or remove operations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill includes numerous shell examples that create files, modify images, extract content, and mount loop devices, but it does not clearly warn that these actions change the local system and may require elevated privileges. In an agent setting, users may treat examples as safe-to-run instructions, increasing the risk of unintended filesystem changes, mounting untrusted ISOs, or privilege misuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal