Deploydevnlu

Security checks across malware telemetry and agentic risk

Overview

This deployment skill is mostly purpose-aligned, but it can change real infrastructure from Slack text with weak scoping, no confirmation, and unsafe command construction.

Install only if you control the Slack trigger, trust the publisher, and intend to grant this skill access to the SupplyWhy SSH key and Kubernetes deployment authority. Before using it in any shared or production-like workflow, require explicit confirmation, strict allowlists for tags/environments, safer command execution, accurate target-host disclosure, and auditable authorization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The skill directly executes privileged shell commands that add an SSH key, connect to a deployment host, modify deployment manifests, and apply Kubernetes changes. Because these actions are triggered from user-provided Slack text with no authorization, approval gate, or scope restriction, the skill can be abused to perform real infrastructure changes from an untrusted chat workflow.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The code claims to infer the deployment environment from the user's message, but all SSH operations always use the dev-specific key and host regardless of the parsed value. This mismatch can mislead operators into believing they are deploying to one environment while the skill actually changes another, creating integrity and change-management risks.

Missing User Warnings

High
Confidence: 97%
Finding
The skill performs state-changing deployment operations immediately after parsing a message, without confirmation, dry-run output, or an approval step. In a chat-integrated context, ambiguous wording, accidental invocation, or malicious prompting could trigger unauthorized infrastructure changes with little friction.

VirusTotal

66/66 vendors flagged this skill as clean.