Exec Local

Security checks across malware telemetry and agentic risk

Overview

This skill clearly aims to run shell commands, but that gives broad control over the container and possible SSH-managed hosts without clear guardrails.

Install only if you intentionally want an agent to run arbitrary shell commands in this container and possibly orchestrate a host through SSH. Use it in a tightly isolated environment, avoid untrusted prompts or command strings, and verify filesystem mounts, network reachability, and available credentials before enabling it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill explicitly exposes arbitrary shell command execution inside a container and describes it as a general-purpose capability without any limitation, approval requirement, allowlist, or warning about the risks. Even if scoped to a container, this can enable destructive actions, data access, lateral movement through mounted secrets or network access, and privilege abuse depending on the runtime environment.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal