Swmm Runner

Security checks across malware telemetry and agentic risk

Overview

This skill runs local SWMM simulations and writes expected result files; no hidden network, credential, persistence, or destructive behavior was found.

Use this only for SWMM work. Provide a dedicated run directory and avoid sensitive, shared, or project-root paths because the tool writes standard output artifacts there and may overwrite same-named files. Verify the swmm5 binary/version you intend to run, especially when using PATH, AISWMM_SWMM5, or AISWMM_CONFIG_DIR.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 83% confidence
Finding: The skill notes that `swmm_run` writes artifacts into a run directory, but the description does not clearly warn users that invoking it creates multiple files (`rpt`, `out`, `stdout`, `stderr`, `manifest.json`) and may overwrite or populate caller-supplied paths. In agentic settings, insufficient disclosure of write side effects can lead to unintended data modification, storage abuse, or unsafe use on sensitive directories.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal