VPS 维护配置

Security checks across malware telemetry and agentic risk

Overview

This VPS maintenance skill is not deceptive, but it provides root-level commands that can lock users out or delete system data if followed as-is.

Install only if you are comfortable reviewing root-level server administration commands before use. Keep an active recovery path such as provider console access, adapt the SSH port/firewall/timezone/NTP choices to your host, test access before enabling restrictive firewall rules, and replace the broad cleanup commands with safer dry-run or age-based cleanup for production systems.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (10)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The cleanup section includes irreversible deletion and package removal commands such as purging kernels, deleting logs, and wiping temporary/cache directories, but it does not warn the user about possible data loss, service disruption, or the risk of deleting files still needed by running processes. In a VPS maintenance skill, users are likely to copy-paste these commands as root, which increases the chance of accidental operational damage.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The recurring cleanup script automates destructive operations including apt autoremove and deletion of log and temporary files, yet it provides no caution about irreversible effects or application impact. As a reusable script for periodic execution, this is more dangerous than one-off manual commands because mistakes can recur automatically.

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: The skill unconditionally sets the timezone to Asia/Shanghai and configures region-specific NTP servers without asking the user to confirm the server's region or operational requirements. This can cause audit/logging confusion, timestamp inconsistencies, and operational errors in environments where UTC or another timezone is required.

Tool Parameter Abuse

High

Category: Tool Misuse
Content: find /var/log -type f -name "*.old" -delete 2>/dev/null # 4. 清理临时文件 rm -rf /tmp/* 2>/dev/null rm -rf /var/tmp/* 2>/dev/null # 5. 清理用户缓存
Confidence: 90% confidence
Finding: rm -rf /tmp/* 2>/dev/null rm -rf /var/tmp/* 2>/dev/null # 5. 清理用户缓存 rm -rf ~

Tool Parameter Abuse

High

Category: Tool Misuse
Content: find /var/log -type f -name "*.log" -mtime +7 -delete 2>/dev/null # 清理临时文件 rm -rf /tmp/* 2>/dev/null rm -rf /var/tmp/* 2>/dev/null echo "=== 清理完成 ==="
Confidence: 90% confidence
Finding: rm -rf /tmp/* 2>/dev/null rm -rf /

Tool Parameter Abuse

High

Category: Tool Misuse
Content: find /var/log -type f -name "*.old" -delete 2>/dev/null # 4. 清理临时文件 rm -rf /tmp/* 2>/dev/null rm -rf /var/tmp/* 2>/dev/null # 5. 清理用户缓存
Confidence: 90% confidence
Finding: rm -rf /tmp/* 2>/dev/

Tool Parameter Abuse

High

Category: Tool Misuse
Content: # 4. 清理临时文件 rm -rf /tmp/* 2>/dev/null rm -rf /var/tmp/* 2>/dev/null # 5. 清理用户缓存 rm -rf ~/.cache/* 2>/dev/null
Confidence: 90% confidence
Finding: rm -rf /var/tmp/* 2>/dev/

Tool Parameter Abuse

High

Category: Tool Misuse
Content: rm -rf /var/tmp/* 2>/dev/null # 5. 清理用户缓存 rm -rf ~/.cache/* 2>/dev/null ``` ---
Confidence: 86% confidence
Finding: rm -rf ~/.cache/* 2>/dev/

Tool Parameter Abuse

High

Category: Tool Misuse
Content: find /var/log -type f -name "*.log" -mtime +7 -delete 2>/dev/null # 清理临时文件 rm -rf /tmp/* 2>/dev/null rm -rf /var/tmp/* 2>/dev/null echo "=== 清理完成 ==="
Confidence: 90% confidence
Finding: rm -rf /tmp/* 2>/dev/

Tool Parameter Abuse

High

Category: Tool Misuse
Content: # 清理临时文件 rm -rf /tmp/* 2>/dev/null rm -rf /var/tmp/* 2>/dev/null echo "=== 清理完成 ===" df -h
Confidence: 90% confidence
Finding: rm -rf /var/tmp/* 2>/dev/

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal