elevated-task-runner

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about being an elevated command runner, but it gives task files broad administrator-level execution power without meaningful safeguards.

Install only if you intentionally want a broad local command runner. Review every task file line by line, avoid -Elevate and -UseSudo unless strictly necessary, and do not run task bundles from untrusted sources or in environments where accidental system changes would be costly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (5)

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: The script reads commands from a user-provided task file and executes them with Invoke-Expression, which is effectively arbitrary code execution. Because the skill also supports elevation and sudo, an attacker-controlled task file can run any command as the current user or with administrative privileges, far beyond a constrained maintenance workflow.

Intent-Code Divergence

Medium

Confidence: 93% confidence
Finding: The inline comment explicitly acknowledges that the code is executing external input directly in an eval-like manner, confirming that arbitrary command execution is intentional rather than accidental. In this skill context, that makes the maintenance-runner framing misleading and increases the danger because users may trust it to perform only bounded repair tasks.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill explicitly states it will evaluate user-provided task bundle contents directly and can request elevation, which creates a straightforward path to arbitrary command execution with administrator privileges. In this context, the danger is amplified by the documented use of Invoke-Expression on untrusted input, meaning a crafted task file can execute destructive or persistence-establishing commands as admin/root.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The script executes each task line immediately without showing the user the parsed commands or requesting confirmation. This creates a silent execution path for attacker-supplied or tampered task files, increasing the chance of harmful actions being run without informed consent.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: When -Elevate is used, the script requests administrative execution via RunAs without an explicit security warning describing that subsequent task file commands may run with elevated privileges. In combination with arbitrary task execution, this materially increases the risk of full system compromise if the task file is untrusted or modified.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal