Back to skill

Security audit

N8N Docker Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a small n8n Docker monitoring skill with disclosed read-only container checks and no evidence of hidden persistence, exfiltration, or destructive behavior.

Before installing, confirm this is the intended publisher/package because metadata is inconsistent, and only use it where you are comfortable letting the agent inspect Docker status and recent n8n logs. Review log output before sharing it, since application logs may include URLs, workflow details, or secrets if n8n emits them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The file states 'Respostas em Markdown' in Portuguese and the overall skill description is written only in Portuguese, which suggests a language expectation without any opt-in or alternative locale. Under the policy, forcing a specific language without user choice can be a natural-language policy violation unless clearly justified as region-specific.

Natural-Language Policy Violations

Low
Confidence
88% confidence
Finding
The natural-language description is written only in Portuguese ("Monitora o n8n e envia alertas") with no indication that the skill is region-specific or that users can choose their language. This can violate language/locale policy when a skill implicitly assumes a specific language without documenting opt-in or scope.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.