Deploy Helper

Security checks across malware telemetry and agentic risk

Overview

This is a deployment-template helper with one low-impact local history logging issue, but no evidence of hidden execution, exfiltration, or destructive behavior.

Install this if you want a local helper that prints deployment templates. Review generated CI/CD, Kubernetes, Docker, and SSL files before using them, replace placeholders with managed secrets, and avoid passing tokens or passwords as arguments to the secondary helper because it can record local command history.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Ssd 3

Medium

Confidence: 98% confidence
Finding: The script persists raw command arguments to a history file under the user's data directory, which can capture secrets passed on the command line such as tokens, passwords, URLs with credentials, or internal project details. Because the data is stored long-term in plain text, any local user, backup system, support process, or later compromise of the host can expose sensitive information that users may not realize was retained.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal