Back to skill

Security audit

NVS Node.js Version Manager

Security checks across malware telemetry and agentic risk

Overview

This appears to be a Node.js version-management helper whose install and environment-changing commands fit its purpose, but users should review those commands before running them.

Install only if you want an assistant to help manage Node.js versions through NVS. Review any command that clones from GitHub, sources shell scripts, downloads Node builds, removes versions, or changes defaults, and prefer explicit confirmation before persistent changes such as aliases or default links.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation phrases are broad enough to match routine discussion about Node.js versioning, which can cause the skill to trigger in contexts where the user did not ask to manage runtime versions. In an agent setting, unnecessary activation increases the chance of unsolicited operational guidance or script execution suggestions, especially because this skill includes installation and environment-changing actions.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The activation criteria are broad enough to trigger on generic phrases like Node.js version management, compatibility issues, or project setup needs, which can cause the skill to activate in contexts where it is not specifically needed. In an agent setting, over-broad invocation increases the chance of unnecessary guidance, unexpected script suggestions, or accidental exposure to helper actions such as install scripts.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The trigger language is broad enough that the skill could be invoked for general Node.js version-change requests without clear boundaries or confirmation requirements. In an agentic environment, overly broad activation can cause the assistant to surface commands that modify the runtime, install software, or change defaults in contexts where the user did not explicitly request those system changes.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation includes commands that install software, clone from remote repositories, download Node.js builds, and remove installed versions, but it does not warn that these actions change the system state and may access the network. In an automated assistant context, this increases the risk of unreviewed execution of destructive or environment-altering commands.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script clones code from a remote GitHub repository and then immediately sources and executes a shell script from that repository in the current shell context. Even though this is expected installer behavior for a version manager, it still creates a supply-chain risk: if the repository, network path, or checked-out content is compromised, arbitrary shell commands could run on the user's machine without an explicit warning or integrity verification.

Session Persistence

Medium
Category
Rogue Agent
Content
### Version aliases
```bash
# Create an alias
nvs alias myproject 18.20.0

# List all aliases
Confidence
72% confidence
Finding
Create an alias nvs alias myproject 18.20.0 # List all aliases nvs alias # Remove an alias nvs alias myproject ``` ### Run commands with specific versions ```bash # Run a script with specific Node

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.