Back to skill

Security audit

system-repair-expert

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate repair helper, but it broadly handles sensitive troubleshooting and stores repair history without clear consent or redaction rules.

Review before installing. Use it only when external search and memory-based troubleshooting are acceptable, and avoid providing secrets, tokens, customer data, private hostnames, or full raw configs/logs unless scrubbed. Require explicit approval before any new skill is created or any repair command/script is run, and ask for no memory storage when handling sensitive systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The manifest description is extremely broad, positioning the skill as a general-purpose system repair expert without clearly limiting when it should activate or what it should refuse to handle. In combination with capabilities like internet access, file system read, and memory recall, this can cause overbroad invocation and unsafe use in sensitive troubleshooting contexts, increasing the chance of unintended data exposure or risky guidance.

Natural-Language Policy Violations

Medium
Confidence
77% confidence
Finding
The description explicitly presents the skill as Chinese-language oriented without indicating user choice or justification. Forced language behavior can reduce user comprehension of troubleshooting steps, warnings, or safety-critical instructions, which is especially problematic for a system-repair skill where misunderstanding may lead to incorrect or harmful actions.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The release notes state that the skill should be invoked for broad categories of issues such as system, software, configuration, or error problems, without defining scope limits or exclusion criteria. In an agent environment, this can cause over-triggering on many common troubleshooting requests, leading the skill to handle situations it was not specifically validated for and increasing the chance of unsafe or irrelevant actions.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger condition is broad enough to activate on many generic help requests about systems or software, which can cause the skill to run when the user did not intend to invoke its workflow. In this skill, that matters because activation leads to memory lookups, external searches, and potentially advice about scripts or fixes, increasing privacy and safety risk from accidental invocation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill says it will query historical issues and solutions as part of analysis, but it does not tell users that their data may be searched against or associated with stored records. In a troubleshooting context, users often provide logs, configs, paths, hostnames, tokens, or other sensitive operational data, so undisclosed retrieval/storage behavior creates a meaningful privacy and confidentiality risk.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill activation scope is extremely broad: it invites use for nearly any system, software, configuration, or error problem. In an agent environment, this can cause the skill to trigger on common troubleshooting requests outside its intended boundaries, increasing the chance of unnecessary tool use, overreach into sensitive environments, or unsafe repair actions such as generating scripts without adequate safeguards. The six-step workflow slightly mitigates risk by preferring documentation before scripting, but the broad trigger still makes the skill more dangerous because it applies to high-privilege troubleshooting contexts.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs storing the user's repair process and results for future reference without any restriction on sensitive content. In this context, repair sessions commonly include credentials, internal network details, proprietary configs, filesystem paths, and incident data, so unrestricted persistence can expose sensitive information across future sessions or to unauthorized access.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.