redis-tools

Security checks across malware telemetry and agentic risk

Overview

This Redis helper matches its stated purpose, but users should avoid passing real Redis passwords as command-line arguments.

Install only if you need a local Redis cheatsheet and simple Redis health/key checks. Use it only with Redis servers you are authorized to inspect, and avoid typing production Redis passwords directly on the command line; prefer a temporary low-privilege credential or a safer redis-cli authentication method.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 97%
Finding
The script constructs a redis-cli command string that includes the password via the `-a` flag, which exposes the credential in the process list and shell history on many systems. Because this skill is specifically designed to connect to live Redis instances, users are likely to supply real secrets, making the exposure practical rather than theoretical.

VirusTotal

64/64 vendors flagged this skill as clean.
