erlang-distribution

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Erlang distribution skill whose remote-node examples fit its stated purpose, but users should treat the RPC snippets as powerful cluster administration patterns.

Before using this skill against production Erlang systems, ensure nodes are on trusted networks, protect Erlang cookies, and do not pass untrusted Module, Function, or Args values into RPC helpers. Treat the snippets as examples to adapt with cluster-specific access controls and review.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The RPC section demonstrates direct remote execution via rpc:call, rpc:multicall, rpc:async_call, and rpc:cast without any warning that these primitives execute arbitrary module/function/argument combinations on remote BEAM nodes. In a security-sensitive context, this can normalize unsafe use of distributed Erlang and lead users to expose powerful remote-code-execution capabilities across trusted-by-cookie nodes without authentication, authorization, or allowlisting.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal